George Coldham
Cloud Solution Architect @ Microsoft | Zero Trust & Identity at Enterprise Scale | International Speaker, Educator & Community Founder
Perth, Australia
Actions
George Coldham is a Cloud Solution Architect at Microsoft, working with enterprise and public-sector organisations to design and operate secure cloud and identity architectures at scale.
His work focuses on Zero Trust, identity as the modern security control plane, and the practical realities of securing SaaS, cloud platforms, and emerging AI systems in complex environments. George specialises in helping organisations reduce real-world risk without undermining productivity or user experience.
Alongside his technical role, George is an experienced international speaker, educator, and community organiser. He regularly presents at industry conferences, bootcamps, and meetups, translating complex security concepts into practical guidance for practitioners and decision-makers.
George is the founder of Global Security Bootcamp, the lead organiser of the Perth Microsoft Security Meetup, and an organiser within the global AI and developer community. He brings a practitioner-led, evidence-based perspective to his talks, drawing on real customer scenarios rather than vendor theory or marketing narratives.
His speaking topics include Zero Trust beyond the marketing slides, identity-driven security, cloud and SaaS security in practice, and designing security architectures for humans as well as systems.
Links
Area of Expertise
Topics
Securing Cloud API Access
All public cloud providers have multiple interfaces for managing your infrastructure and applications hosted within. If you were to follow a journey of cloud maturity you start with click-ops authenticated via username and password, and progress towards automation leveraging programmatic methods using API.
A recent survey showed that 75% of participants found it daunting to leverage Cloud API due to getting credentialed access. Starting to learn this can be daunting even if you are a seasoned IT professional. Where do you start? How do you authenticate? How do you secure your solution using best practice?
Attend this session to get a kick start on leveraging APIs in public cloud, ways to get API access, how to secure this access, and resources you can take away to continue your learning journey.
From prompt to protocol, securing AI agents and MCP
AI isn’t just about asking chatbots questions anymore, it’s about building agents that think, act, and share context automatically. Each evolution from basic LLM hacks like prompt injections and jailbreaks, to full-blown agent workflows open new doors for attackers.
In this session, I’ll take you on a journey through real-world examples of how these risks multiply, and then zero in on the Model Context Protocol’s own blind spots.
You’ll walk away confident with four straightforward mitigations, leaving you ready to implementing Monday morning to make your AI systems tougher.
Developers, the new targets in the cyber battleground.
Developers are the driving force behind value creation in today's digital age. They have the superpower to turn code into revenue-generating products that can scale to unicorn proportions. However, with great power comes great responsibility. Developers are granted extensive permissions to do their work, but these same permissions can also pose a security risk if they fall into the wrong hands. That's why it's crucial to implement security measures that protect your organization without hindering your developers' productivity.
Join us for a talk on practical tips for securing your developers. We'll discuss tools, techniques, and procedures for securing both human and automated workflows. You'll learn how to:
* Identify and mitigate common security risks in the developer environment
* Implement security controls that balance protection and productivity
* Empower developers to work securely and efficiently
Don't let security be an afterthought. Join us and learn how to build a culture of security that starts with the developer.
The Anatomy of a Ransomware Attack
Ransomware is big business, with total recorded payments exceeding $1 billion in 2023, an 18% year-on-year growth. The barrier to entry has never been lower, with Ransomware as a Service (RaaS) removing the need for deep technical expertise and opening the door to opportunistic criminals with business nous and temerity to conduct such activity. Small to medium-sized businesses, as well as large enterprises, are equally vulnerable to these attacks, which often begin with simple phishing emails or exploit kits.
In this talk, we will step through a ransomware attack, following commonly used tactics from prevalent groups such as REvil, Ryuk, and Sodinokibi. For each step of the attack, options for mitigating risk or reducing the likelihood of success will be given, including strategies for improving email security, network segmentation, and incident response.
By attending this session, you will:
+ Understand the anatomy of a ransomware attack, including the tactics and techniques used by prevalent groups
+ Learn how to identify and mitigate the risks associated with ransomware attacks, including phishing, exploit kits, and lateral movement
Securing Cloud identities in Azure
Cloud Identities are the secure boundary protecting all cloud resources, whether infrastructure, platform or software as a service offering. The 2023 State of the Cloud Permissions Risk Report commenting on problems common on all public clouds shares the following.
• Identities are only using 1% of granted permissions
• Workload identities are using less than 5% of their assigned permissions and that more than 80% of these accounts are inactive.
• There are on average 200+ services across cloud providers and common practices grant access to new services as they are released.
This technical discussion will cover the various types of identities used in public cloud including use cases, common misconfigurations and how they are exploited. Key takeaways include best practice implementation, understanding how to monitor and govern identities in Azure, and security tooling.
AI Security Posture Management with Defender for Cloud
Defender for Cloud is Microsoft's multi-cloud CNAPP (Cloud Native Application Protection Platform), and through Defender CSPM (Cloud Security Posture Management) it proactively assists in protecting your AI applications hosted in your public cloud environments.
This session will explain the capability of AI SPM (Security Posture Management) to protect applications, manage AI dependencies, IaC (Infrastructure as Code) misconfigurations and container images for vulnerabilities. Learn how this powerful tooling integrates with your developer workflow and provides a governance view for organisations maintain consistent work practices across the organisation and a secure cloud environment.
From Tech Confidence to Cyber Victim: The Irony of Pig Butchering Scams
"From Tech Confidence to Cyber Victim" offers a compelling look into the world of 'pig butchering' scams, where the very strengths that define IT professionals can become their greatest vulnerabilities. This talk explores the ironic twist where high confidence in technological expertise leads even the most seasoned IT experts into the traps of sophisticated online fraud.
We'll examine how the unique skills and attributes of IT professionals—such as a deep understanding of complex systems, problem-solving abilities, and routine exposure to cyber risks—can paradoxically make them more susceptible to these emotionally driven scams. Delving into real-life examples, we illustrate how scammers artfully blend technical jargon with psychological manipulation, exploiting the blind spots created by tech confidence.
This session is designed to bridge the gap between technical know-how and the often-overlooked human element of cybersecurity. Attendees will learn about the subtle intricacies of 'pig butchering' scams, why their professional expertise might not be the complete armour they thought it was, and how to develop a more holistic approach to digital safety and scepticism.
Join us for an enlightening journey from the peaks of tech confidence to the unforeseen valleys of cyber victimhood and arm yourself with the knowledge to defend against the ironies of modern cyber threats.
Microsoft Security Copilot - your new best friend!
Microsoft Security Copilot leverages with the full power of Generative AI with specially trained models focused on Security Operations within a Microsoft Security environment.
Attend this session to go on a deep dive for Microsoft Security Copilot. Learn how it can assist security operations teams to prioritise workloads, facilitate incident response and remediation, understand how it can assist on understanding best practice to manage environments in ways to reduce the likelihood of repeat successful attacks.
NDC Sydney 2026 Sessionize Event Upcoming
AI Community Singapore Sessionize Event
Global Security BootCamp [Perth 2025] Sessionize Event
AgentCon 2025 - Perth Sessionize Event
Global AI Bootcamp Perth 2025 Sessionize Event
NDC Sydney 2024 Sessionize Event
NDC Security 2024 Sessionize Event
DDD Perth 2023 Sessionize Event
Copenhagen Developers Festival 2023 Sessionize Event
NDC London 2023 Sessionize Event
NDC Security 2023 Sessionize Event
DDD Perth 2022 Sessionize Event
George Coldham
Cloud Solution Architect @ Microsoft | Zero Trust & Identity at Enterprise Scale | International Speaker, Educator & Community Founder
Perth, Australia
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top