About

30 years delivering secure,
scalable cloud infrastructure

NorthLayer is built on real-world delivery experience across Azure security architecture, M365 Defender, Sentinel, Purview, Copilot governance, AWS security, and enterprise platform engineering — not just advisory.

Background

I'm Phil Hynes, a contract cloud security architect based in Coventry, commutable to London and available UK-wide and remotely. NorthLayer is my independent practice — built after over 30 years delivering infrastructure and security programmes for public and commercial organisations, spanning financial services, manufacturing, logistics, and commercial sectors.

I built a deep foundation in network infrastructure, identity, and systems engineering before specialising in Microsoft Azure and cloud security. That breadth means I understand how security controls interact with the underlying platform — not just how to configure a tool in isolation.

Specialism

My primary specialism is the Microsoft security stack: Azure security architecture, Microsoft Sentinel, Defender XDR, Microsoft Purview, and Entra ID — implemented hands-on, not just designed on a whiteboard. I understand how these tools behave in production, where the edge cases are, and how to make them work together reliably at scale.

Alongside Microsoft, I work across AWS security — covering IAM, Security Hub, GuardDuty, AWS Config, and secure landing zone design. Whether the environment is Azure-native, AWS-hosted, or a hybrid of both, I can architect and implement the security controls to match.

Recent engagements have included Sentinel and Defender XDR deployments, Azure security architecture for commercial organisations, cloud migration programmes, Purview data governance, and AI governance — configuring controls for Microsoft 365 Copilot and mapping AI risk to the NIST AI Risk Management Framework.

What I Deliver

Every engagement produces working implementations — not slide decks. Architecture decisions are codified as Terraform or ARM, security controls are deployed and tested, and your team receives the runbooks and SOPs to operate what's been built. I write clear HLD/LLD documentation and can present technical findings to both engineering teams and executive stakeholders.

I hold government security clearance, making me eligible for UK public sector and commercial engagements.

Azure, AWS & Security Expertise

Azure Security Architecture
Zero Trust Design
Entra ID & Conditional Access
PIM / PAM
Microsoft Sentinel
Defender XDR
Defender for Cloud
Microsoft Purview
KQL (Advanced)
SOAR Playbooks
Azure Function Apps
Logic Apps & APIM
AKS
Terraform & ARM
Azure DevOps / CI-CD
PowerShell & Python
Threat Modelling (STRIDE)
MITRE ATT&CK
AI Security (NIST AI RMF)
RadSec / 802.1X
M365 Copilot Guardrails
DSPM for AI
Azure OpenAI Governance
Purview Information Protection
DLP Policies
Prompt Injection Defence
AWS IAM & SCPs
AWS Security Hub
AWS GuardDuty
AWS Config & CloudTrail
AWS Landing Zone
AWS WAF & Shield

Frameworks Applied

NIST CSF
NIST 800-53
NIST AI RMF
ISO 27001
CIS Benchmarks
NCSC CAF
Secure by Design
NIST CSF 2.0
NIST AI RMF
CIA Triad

Engagement Model

I work on a contract basis — full-time, part-time, or advisory. Engagements are typically scoped upfront with defined deliverables and timelines, though I can also work in a time-and-materials model for ongoing programmes. Part-time availability after a project completes means your organisation retains access to the person who built the system, not a handover note.

I also work directly alongside in-house IT teams who have the capability to deliver but need a specialist to bridge the gap — helping shape roadmaps, produce high-level designs, and acting as a peer support partner on security challenges as they arise. This works well for organisations that want to build internal capability over time, not just buy a one-off deliverable.

Book a Discovery Call

30+
Years infrastructure & security experience
7+
Years Microsoft Azure & M365 security
6+
Security frameworks applied in production