Most Active Speaker

Dwayne Natwick

Dwayne Natwick

Global Principal Cloud Security Lead for Eviden | MVP - Security | (ISC)2 CCSP, CISSP |MCT Regional Lead | AWS Security & Identity Community Builder | Cloud Training Architect for Opsgility

Detroit, Michigan, United States

Dwayne is the Global Principal Cloud Security Lead for Eviden, an atos business. He is also a Microsoft MVP for Security, AWS Community Builder for Security & Identity, and an author, trainer, and product manager with over 30 years of experience in the IT industry. He is certified in (ISC)2 for CC, CCSP, and CISSP, and in multiple Azure and M365 roles, including Microsoft Cybersecurity Architect Expert, Azure Solution Architect Expert, AWS Solution Architect Associate, Azure Administrator Associate, Microsoft Security Analyst Associate, Microsoft Identity and Access Administrator Associate, Microsoft Information Protection Administrator Associate, Azure Security Engineer Associate, and Microsoft 365 Security Administrator Associate. He also has his AWS Solutions Architect Associate and PMI Project Management Professional.

In addition to creating curriculum, training, and blog writing, Dwayne is also a Microsoft Certified Trainer and Regional Lead and an (ISC)2 Authorized Trainer. Dwayne has also authored three books for Packt Publishing that are available on Amazon at


Area of Expertise

  • Information & Communications Technology


  • #Microsoft
  • Azure
  • Microsoft 365 Security
  • Azure Security
  • Microsoft 365 Compliance
  • Azure Security Center (ASC)
  • Azure AD
  • Microsoft 365
  • AWS Security
  • AWS Architecture
  • AWS Architect

Why Developers need to understand and plan for security from the start of AppDev

In this session, I will dive into the top 5 ways that developers should think about security when creating new apps and connecting to databases. This talk will also highlight how an Azure Web Application Firewall can protect against common attacks on web-based applications noted in the OWASP Top 10.

Data Security Posture Management: Keeping your data secure from development to production

In this session, we will discuss strategies to secure and govern over data in the cloud. Strong data governance is an important aspect of protecting data exposure and maintaining compliance. I will discuss how to know where your data is located, understanding what data is sensitive, and maintaining sovereignty of that data based on regulatory and government privacy restrictions.

5 Ways to Protect Sensitive Data and PII with Microsoft Purview Compliance Manager

In this session, I will discuss how Microsoft Purview Compliance Manager can identify and protect sensitive data and PII. This will include the utilization of data classification, sensitive information types, sensitive label policies, data loss prevention policies, and records management. At the end of this session, you will understand the tools in Microsoft Purview Compliance Manager to maintain and manage a high compliance score within Microsoft 365, Azure, and third-party storage.

Winning the Security "End Game", Tips to enforce secure access on your network

In this session, I will provide tips to isolate and protect access to your network resources and applications through IAM policies, conditional access, web application firewalls, privileged access, and diversion techniques to win the End Game against attackers.

Protecting the Infinity Stones - What Elements of Security did the Avengers fail to enforce?

In this session, I will discuss the manner in which the Infinity stones were able to be collected by Thanos and how enforcing a Zero Trust framework could have avoided the events of Infinity War.

"This is the way" Why developers should be thinking about security "under the helmet".

In this session, I will dive into the top 5 ways that developers should think about security when creating new apps and connecting to databases. This talk will also highlight how an Azure Web Application Firewall can protect against common attacks on web-based applications noted in the OWASP Top 10.

Architecting a Zero Trust Framework in Azure

In this article, Dwayne will provide guidance toward architecting a Zero Trust Framework within your Azure infrastructure. He will provide areas of focus for identity, networking, devices, applications, and data for a defense in depth security design. This article will close with a case study example of how to evaluate and consult for a Zero Trust Framework within your company or customer.

Ask Me Anything about Multicloud MDR with Defender for Cloud and Sentinel

Azure is Mother Nature from the Year without Santa Claus and you need the Heat Miser (AWS) and Cold Miser (GCP) to work together for a complete multi-cloud security posture. Join me for this live stream and ask me how to architect this using Defender for Cloud and Sentinel.

How Machine Learning and AI influence Cloud Security and Governance

In this session, Dwayne will discuss the various ways that machine learning and AI technologies are used within cloud-native tools and SIEM/SOAR solutions for security, governance, and threat detection and response.

Cloud Security - Are you revisiting your risk analysis?

With the capabilities and controls that are included with many cloud services, organizations should revisit their previous risk analysis to determine if there is now an opportunity to mitigate risks that were previously accepted.

Accelerating Cloud Adoption

Discuss how to accelerate to the cloud with Azure Cloud Adoption Framework and secure Cloud Landing Zones

How a Defense in Depth strategy could have saved the Empire

Anyone that has watched the Star Wars franchise should recognize that there are some major security flaws within the Empire. This session will uncover how the Empire could have stopped the Rebels with a proper Defense in Depth security posture.

Microsoft Defender for Cloud - Hybrid Cloud Security Posture Management

In this post, Dwayne will provide guidance for configuring and managing Azure, hybrid, and multi-cloud resources within Microsoft Defender for Cloud for complete security posture management of your infrastructure. After configuring resources for security posture management, you will be guided on how to configure vulnerability scans on these resources for next level security posture management.

Zero Trust testing with Conditional Access Policies' "What If"

In this session, I will provide a quick overview of how Conditional Access Policies enable Zero Trust in your company, and then show you how you can create and test your own policies with the "What if" functionality in Conditional Access.

Responsible AI and Data for public health and law enforcement

In this session, Dwayne will talk about best practices of how Azure data modeling and AI can be used using Law Enforcement & Public Health. This will include how to properly and securely ingest and transform data, and practicing responsible AI practices.

How to manage policy and compliance in Microsoft Defender for Cloud

In this guided presentation, I will provide you with actionable information on how to manage resources and your security posture using Microsoft Defender for Cloud (formerly Azure Security Center). This will include Step by Step instructions on how you can manage compliance standards, defender threats, and best practices.

Connecting and managing data sources with Azure Sentinel

Guided workshop with user lab on how to connect Microsoft and third party data sources to Azure Sentinel. Create actions and tasks using Logic Apps and Log Analytics.

Path to Cloud Security Certification

An overview of the learning objectives for the Microsoft 365 and Azure Security certifications. This will include MS-500, AZ-500, and the new SC certifications. These paths provide security compliance and Identity knowledge and certifications for Microsoft technologies. Additionally, Dwayne will discuss other vendor independent certifications that can assist on your cloud security journey. Including recommended paths and study guides.

Managing governance and compliance for Microsoft 365 and Teams

This session will provide an overview of the challenges that administrators and organizations face in a remote user environment in governing the confidentiality and integrity of data. I will discuss some ways to create and govern policies within Microsoft 365 and Teams to maintain governance of access to applications and data for remote users. I will look at how the security and compliance dashboard can be used to monitor policy compliance for protection of information and user identity. And finally, we will talk about how regulatory compliance can be monitored and managed through the Service Trust Portal

Azure Fundamentals Series - Security services, business continuity, governance, and subscriptions

In this session, we will discuss the various security, monitoring, and management services within Azure. We will discuss business continuity and governance within Azure. We will wrap up this series with a review of how Azure subscriptions are categorized.

Azure Fundamentals Series - Core PaaS and Database services

In this session, we will discuss the various platform services within Azure, including App Services, Databases (SQL and no-SQL), Container services, and server-less/microservices.

Azure Fundamentals Series - Core IaaS, storage, and network services

In this session, we will discuss the core compute, storage, and network services within the Azure environment. This will include Virtual Machines, Azure storage, and VNETs.

Azure Fundamentals Series - Cloud concepts and the Azure structure

In this session, we will explore the basic concepts and services that pertain to cloud services and technologies. We will highlight where some of the Azure service relate to these services.

Using Azure to build and monitor a Defense in Depth security posture

Building a strong defense in depth security posture is much like building and protecting a house. There are multiple levels of security. This session will focus on the foundational areas of protection: Identity protection, Monitoring and Patching, and Data Protection, and how Azure Policy and Azure Security Center can be used to monitor, audit, and manage the environment to protect resources and data.

Using Azure Policy initiatives for organizational governance

Challenges arise within a cloud environment when resources can be created that may affect, cost, security, or regulatory jurisdictions. Role-based access control (RBAC) and the principles of least privilege provide levels of restriction to users and groups within the environment as to what resources they can access or create, but they do not set parameters on where they can be created, the level of cost, or the security requirements. Azure policies are created, assigned, and utilized to govern the resources within your Azure subscription. Policies should be put in place based on the business, security, and financial requirements of the organization. This session will explore these three areas and examples of each that can be assigned and monitored.

Starting Your Azure Exam prep with Microsoft Learn

This session will navigate through Microsoft Learn and how to setup an account, view learning paths, exams, and certification topics, and creating your own Azure exam preparation roadmap.

So You want to be an Azure Architect Expert - Security and Identity

This session will cover the various security and identity management topics necessary for the Azure Architect Expert exams. These will include Azure AD and Azure AD connect, RBAC and MFA, Azure Policy and Security Center, Azure Monitor, and Log Analytics.

So You want to be an Azure Solutions Architect Expert

This session will lay the foundation to get you on the path to becoming an Azure Solutions Architect Expert. We will discuss the exams required and the objective areas covered.

So You want to be an Azure Architect Expert - Labs

This session will go through some hands-on labs to set up resources within Azure. This will include creating a Virtual Machine scale set and availability set, VNET creating and peering, Storage account creation, Database creation with elastic pools, and configuring Azure Migrate and Azure Site Recovery projects.

So You want to be an Azure Architect Expert - PaaS

This session will cover the platform services with Azure needed to pass the Azure Architect Expert exam. These will include App services, Azure Functions, Logic Apps, Event hub, Event grid, and CDN.

So You want to be an Azure Architect Expert - IaaS

This session will cover the various IaaS services needed to pass the Azure Architect Expert exam, including Virtual Machines, Scale sets, availability sets, availability zones, virtual networks, VNET peering, Virtual gateways, hybrid networks, and Load balancers. We will touch on migration and site recovery as well.

Protecting your Azure house - Best Practices for Data security

An organization is expected to provide an environment where information is available from anywhere at anytime for users. The growth of cloud technologies has provided a means and a challenge to organizations as they enrich the accessibility of information and applications. Attending this presentation will provide guidance on how to enable best practices within the organization to secure data and application access through the tools provided within cloud environments. These best practices will allow an organization to excel in the ability to provide an expanded ability to enrich user experience and attract talent with the availability of information, while maintaining organizational confidentiality and integrity.

So You want to be an Azure Architect Expert - Data and Storage

This session will cover the data and storage areas to understand when preparing for the Azure Solutions Architect Expert exams. This will include Azure Storage accounts, Azure Data Lake, and Azure Database options.

Building a Certification Roadmap

I will provide guidance and resources that can get you on a path to getting certified in cloud technologies.

Breaking down the use of Platform Service in Azure

This session will help to break down and simplify choosing platform services in Azure. Including the benefits that come with the use of platform services (PaaS) versus infrastructure services (IaaS).

Becoming a Certified Azure Developer Associate

Attending this session will provide you with some guidance on determining your certification path and roadmap, beginning your exam prep, learning resources, and an overview of the objectives for the exam AZ-204: Developing Solutions for Microsoft Azure, related to the Azure Developer Associate Certification.

How to connect Office 365 and Cloud App Security into Azure Sentinel SIEM

This session will provide a 'how-to' guide in connecting Office 365 and Cloud App Security into the Azure Sentinel SIEM to monitor and investigate sign in and application activity. You will learn how to prepare the 365 subscriptions and how to connect the data sources. Once connected, we will review the information that is provided to Azure Sentinel.

Modern Authentication - why passwords are no longer a priority

In this session, Dwayne Natwick will discuss the uses for Modern Authentication and how passwords are having decreased relevance within an identity infrastructure. We will discuss how these new techniques provide additional protection and security for your cloud identities, and demonstrate how to plan and architect a strong hybrid identity structure.

Using conditional access policies for modern authentication

Lightning demo session on how to set up and use conditional access policies to manage and monitor a modern authentication strategy.

Do or do not, there is no try... Zero Trust and Modern Authentication

Whether you are protecting the plans for the Death Star or the secrets of the Jedi, you must protect against unauthorized access. In this session, Dwayne Natwick will discuss Zero Trust and the uses for Modern Authentication. Passwords are needing a decreased relevance within an identity infrastructure. We will discuss how these new techniques provide additional protection and security for your cloud identities, and demonstrate how to plan and architect a strong hybrid identity structure.

Why Low-code/No-code doesn't mean Low/No Security

The fusion of IT and business functions has helped drive greater value from technology investments and placed digital strategies at the heart of new business models. It is only logical that the next step would be to bring this democratization to the end user. Employees like Fred and Jane can quickly develop their own business-centric applications with GUI-driven low-code development platforms that require no programming expertise. On the surface it sounds like an amazing business tool for the modern enterprise, but it poses challenges for those in charge of securing the organizations data and enforcing compliance. This session will discuss these challenges and how to address them.

5 Recommendations to Secure Identities in the Cloud

In this session, Dwayne will discuss five recommendations that can be used to provide secure and protected identities when moving to cloud technologies. As companies move to the cloud, identity becomes the primary perimeter where attackers can exploit vulnerabilities. These recommendations can provide a foundation for securing the cloud and avoiding identities from being compromised.

Multicloud MDR and Security Operations with Defender and Sentinel

In this session, Dwayne discusses how Microsoft Defender, Microsoft 365 Defender, and Microsoft Sentinel can bring together a full multicloud architecture for Detection and Response, and Security Operations.

Security Posture Management for Multi-cloud and Hybrid Infrastructures

In this session, Dwayne provides guidance and tools that can be used for security posture management in multi-cloud and hybrid infrastructures. This will include popular CSPM tools within Microsoft, Google, and AWS.

Multi-cloud Security Operations with Microsoft Sentinel

In this session, Dwayne will discuss how Microsoft Sentinel can bring together a hybrid and multi-cloud architecture with a single cloud-native SIEM and SOAR solution.

Microsoft 365 Security and Compliance User Group User group Upcoming

Not scheduled yet.

TechBash 2023 Upcoming

November 2023 Mount Pocono, Pennsylvania, United States

(ISC)2 Security Congress Upcoming

Session: Why Low/No Code does not mean Low/No Security
Event description: Start making plans now for industry-leading education, five visionary keynotes, exclusive networking, new career resources, exhibitor showcases and much more — all delivered under one roof at the stunning Gaylord Opryland Resort.

Lead with Confidence, the theme of our 13th annual event, champions the growth and vitality of cybersecurity professionals in every phase of their career – from (ISC)² Candidates to seasoned CISOs – through engaged learning that builds the competence and confidence to lead.

This year’s curated content will dive deep into the hottest topics in cybersecurity. You’ll take back actionable strategies you can put in place now and forecasts for the future that will prepare you for what’s next in our ever-evolving field.

October 2023 Nashville, Tennessee, United States

GrrCon Upcoming

Session: Architecting a Zero Trust Framework for the Cloud
Event details: GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like-minded people. We keep GrrCON small with around 2,000 in attendance to allow us to provide those things other events leave out. Whether you are a Fortune 500 executive, security researcher, industry professional, student, or a hacker of “flexible” morals you will find something for you at GrrCON.

September 2023 Grand Rapids, Michigan, United States

CyberSaint STRONGER 2023 Upcoming

Session: Are You Ready for the Cloud? Cloud Security Maturity and Risk
Description: In this session, I will discuss how to plan and architect a cybersecurity maturity model to address risks and vulnerabilities in the cloud.

September 2023

AWS re:Inforce Upcoming

Session: Power Up your CloudOps with a unified approach to AWS Security Services.

June 2023 Anaheim, California, United States

Microsoft Purview Days 2023

May 2023

Midwest Global AI Developer Days

November 2022

Head Securely in the Clouds User group

October 2022

Azure Back to School 2022

September 2022

Come Cloud with Us User group

July 2022

Azure User Group Sweden User group

May 2022

Irish Techie talks... (2022) User group

May 2022

AzureLive 2022

April 2022

Microsoft Cloud Security User Group User group

February 2022

Global Azure 2021

April 2021

MCT Summit 2021

March 2021

M365 Virtual Career Fair

February 2021

Azure Thames Valley

February 2021 Reading, United Kingdom

Festive Tech Calendar

December 2020

Global Azure Virtual

April 2020 Seattle, Washington, United States

Dwayne Natwick

Global Principal Cloud Security Lead for Eviden | MVP - Security | (ISC)2 CCSP, CISSP |MCT Regional Lead | AWS Security & Identity Community Builder | Cloud Training Architect for Opsgility

Detroit, Michigan, United States