Alistair Pugin
Microsoft MVP | Speaker | Blogger | Podcaster | Do-er@Celyntis
Cape Town, South Africa
Actions
Alistair has worked in various capacities across multiple verticals — from retail and manufacturing to government — supporting environments ranging from 50 to 50,000 users through comprehensive Enterprise Information Management and Cybersecurity initiatives.
As a Microsoft MVP based in South Africa, he helps organizations architectand secure, intelligent ecosystems using “best of breed,” proven methodologies that foster innovation, resilience, and growth. His approach combines Enterprise Content Management (ECM), and modern Cybersecurity practices to protect data while enabling collaboration and digital transformation.
With this vision, Alistair is committed to providing customers with platforms for Business Productivity Enrichment, establishing communities of practice, and building a measurable, sustainable knowledge economy within a secure, zero-trust framework.
Area of Expertise
Topics
Zero Trust or Zero Chance? Closing Identity Security Pitfalls
Traditional perimeter-based security exposes major weaknesses, as attackers exploit compromised credentials, legacy systems, and excessive privileges to move laterally, making identity the new frontline for Zero Trust strategies in 2026. In this session, we look at how to:
- Implement continuous authentication and dynamic risk-based access reviews using multi-factor authentication (MFA) for all identities, including service accounts and third-party integrations.
- Enforce least privilege policies, automating the removal of excessive permissions and segmenting access by user role, device, and context.
- Systematically inventory all identities (human and non-human) and integrate lifecycle management, automating provisioning, deactivation, and credential rotation.
- Continuously monitor and baseline normal behavior, using analytics and SIEM to detect anomalies and suspicious activity across all access events.
By applying Zero Trust principles "never trust, always verify", organizations shift from implicit trust to continuous validation, enforcing strict access controls and real-time monitoring for every user and machine identity.
Zero Trust for Copilot: Securing AI Collaboration
As Microsoft 365 Copilot accelerates productivity, it also introduces new risks around data access, identity misuse, and compliance exposure. Applying a Zero Trust framework ensures every Copilot interaction is verified, governed, and protected — securing both users and data. In this session we look at:
- identity and Access Control: Integrate Entra ID Conditional Access and MFA to validate every user and device accessing Copilot prompts and outputs.
- Data Classification and Sensitivity Labels: Apply Microsoft Purview classification to control what data Copilot can process, ensuring policy-based responses.
- Continuous Monitoring and Threat Detection: Utilize Microsoft Defender for Cloud Apps and Insider Risk Management to track anomalies in Copilot usage.
- Compliance-Aware AI Guardrails: Deploy Microsoft 365 Copilot governance settings to enforce regulatory alignment (GDPR, HIPAA, etc.) while guiding users within safe AI boundaries.
Attendees will leave with the ability to secure and safeguard critical AI workloads enabled in Microsoft 365.
Zero Trust Architecture for SRE
Site Reliability Engineering is no longer a new discussion topic. DevOps Engineers have had to embrace SRE principles and with that comes cybersecurity practices.
In this session, we cover:
- How to unpack Zero Trust for Code
- How to incorporate Zero Trust Architecture into your CI/CD Pipelines
- Using Compliance as Code to improve you release management
Because data breaches are common practice in today's world, its vital that DevOps adheres to cyversecurity standards. Come along to this session to find out how Zero Trust can help you secure your workloads.
Shift Left for AI: Embedding Responsible Intelligence into Your SDLC
If DevSecOps taught us to ‘shift security left,’ responsible AI pushes us to ‘shift ethics left.’
This session demonstrates how developers can proactively integrate ethical and secure AI development earlier in the software lifecycle.
Learn how to use responsible AI principles; fairness, accountability, transparency, and security; to shape architectural and deployment decisions in .NET and Azure environments. This session empowers teams to build AI systems that are not just powerful, but principled.
Shadow Access: The Peril of Entra ID Privilege Sprawl
Over-privileged and unmanaged identities, especially with the rise of machine and hybrid accounts, create dangerous vectors for attackers to escalate access and compromise critical data. Zero Trust policies and automated privilege management can efficiently prevent privilege misuse and minimize breach impacts. In this session we cover:
- Auditing and continuously monitoring both human and non-human identity privileges.
- Enforcing least-privilege principles and automate privilege reviews.
- Limiting life span and scope of secrets/API credentials.
- Segregating access by environment and validating use cases for privilege elevation.
Lock down you environment by implementing effective privilege controls, continuous audit, and removing excessive legacy permissions to close common attack paths.
Safeguard Sensitive Business Data with Microsoft's Zero Trust Adoption Framework
Businesses that fail to put adequate security controls in place to protect sensitive data face the risk of
data breaches, financial loss, and damage to reputation. In this session we look at how to implement the following:
- Design an architecture that establishes trust based on device and identity security
- Control device access to applications and aata
- Authenticate device and user access
- Monitor and detect threats
By working through Microsoft’s Zero Trust Adoption Framework, companies can mitigate the risk of security and data breaches. Come along to this session to find out how.
Implementing Zero Trust for Containers - A Best Practice Guide
Customers have been modernizing applications since the advent of Microservices and Serverless but have struggled with implementing Zero Trust at a container level.
In this session we uncover:
- What Zero Trust Architecture is
- How to secure your container infrastructure with Zero Trust
- What options are available in Microsoft Azure for locking down containers
- How to monitor and manage container security
By implementing Zero Trust best practices, companies are able to mitigate their cybersecurity risks and achieve a higher Cloud Security Posture state.
Come along to this session to find out how.
Guardrails for Generative AI: Securing and Governing AI in .NET
With the rise of generative AI in enterprise development, the line between developer and model is blurring.
This session focuses on protecting AI assets within the .NET ecosystem; from securing model APIs and prompt inputs to preventing data leakage in Copilot-like applications.
Explore how DevSecOps practices can create AI guardrails that ensure compliance, privacy, and security, while enabling innovation with Azure OpenAI and .NET workloads.
Implementing Microsoft's Zero Trust Adoption Framework: An end to end guide
Microsoft has recently created the Microsoft Zero Trust Adoption Framework. A list of 5 business scenario's that they believe is pivotal to drastically improving your security posture. This workshop covers 4 of the 5 business scenarios:
- Rapidly modernize your security posture
- Secure remote and hybrid work
- Identify and protect sensitive business data
- Meet regulatory and compliance requirements
- How Security Copilot accelerates your Security Posture
Organizations will achieve optimum security standards and posture management by implementing a results driven framework.
Deploying Zero Trust with Microsoft 365: Best Practice Guide (Including Security Copilot)
Cloud security is vastly different from the traditional perimeter security organizations have been used to. So how do you ensure that your cloud security, is well, secure?? In this session we unpack:
- What Zero Trust Architecture is
- How Microsoft splits its tech stack
- How to use Security Copilot with Zero Trust
- How to measure your security posture over time
Zero Trust Architecture deployment will protect your cloud investment against hackers. Get started now!!
Best Practices for configuring and managing Copilot Agents
Yes, There is AI in your productivity stack. Yes, it does things for you. But. You need to make sure that your content is structured and managed correctly, otherwise, people will gain access to information that they should not have access to.
In this session we cover:
- How to configure your tenant for Copilot
- Preparing for Copilot Agents
- How to use Copilot Agents effectively
- Security considerations for Copilot Agents
- Copilot Agent extensibility
By understanding how Copilot Agents work in your tenant, you will be able to get the most out of your investment.
Deploying Zero Trust with Microsoft 365: Best Practice Guide
Cloud security is vastly different from the traditional perimeter security organizations have been used to. So how do you ensure that your cloud security, is well, secure?? In this session we unpack:
- What Zero Trust Architecture is
- How Microsoft splits its tech stack
- How to configure your Microsoft tenant for ZT
- How to measure your security posture over time
Zero Trust Architecture deployment will protect your cloud investment against hackers. Get started now!!
AI on the Attack: Stop AI Threats Immediatately
AI-driven phishing and deepfake technologies are dramatically escalating social engineering risks for organizations, targeting user identities with overwhelming realism and speed. Modern security strategies must leverage advanced detection, adaptive MFA, and employee awareness to neutralize AI-powered threats before they cause damage. In this session we look at:
- Implementing adaptive multi-factor authentication (MFA) with continuous risk assessment.
- Deploying AI-based detection for social engineering and deepfake attempts.
- Training users to identify sophisticated phishing and impersonation.
- Establishing real-time incident response playbooks for AI-driven attacks.
AI-powered threats reshape phishing and impersonation risks, making layered detection and user vigilance essential in 2026.
The commoditization of SharePoint
Over the last 5 years, more so in the last 18 months, we have seen a great leap forward in what is now known as the “commoditization” of SharePoint. Even Microsoft has started producing “3rd Party” bolt on products for not only SharePoint but Office 365, at such a rate that it’s difficult to keep up. This session covers:
• What commoditization means in the Microsoft world
• How to approach product vs build
• What is available right now
• Where the industry is moving to
Business users, architects and consultant alike will be able to make informed decisions regarding building composite solutions by not only utilizing the Microsoft stack but also the plethora of 3rd party products from vendors across the globe.
Top 5 tips to ensure a successful migration to SharePoint 2019
Not everyone is moving to the cloud. SharePoint Server is here to stay and customers are wanting to move to SharePoint 2019. With all the "cloud" features now being baked into SharePoint 2019, taking advantage of them is vitally important in preparing to eventually move to the cloud.
In this session we cover:
• How to perform an assessment of what you have
• How to interpret the assessment
• What order to plan your move
• How to transition from classic to modern
By accurately working through the assessment, organisations will be equipped with the necessary planning to move to SharePoint 2019 without the worry of "will things work" and in so doing, be able to successfully move across with consummate ease.
Your GDPR Compliance will fail without Azure Information Protection
The EU GDPR. Arguably the most impactful Information and Communications Technology legislation passed in the last 30 years; We have been talking about it for 18 months and now it has arrived. The question is, what have you put in place to ensure that your content in Office 365 is compliant?
In this session we unpack:
- What is Azure Information Protection, the Security and Compliance Center, and Conditional Access
- How to secure content correctly across SharePoint, OneDrive, Exchange and Teams, including Skype for Business
- How to manage applications and devices
- What tool to use when
The protection of the personally identifiable information of all EU citizens is what the GDPR is all about and without being able to implement the correct tools, companies will face stiff fines. So come along to find out how to do this within Office 365.
Alistair Pugin
Microsoft MVP | Speaker | Blogger | Podcaster | Do-er@Celyntis
Cape Town, South Africa
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top