Stefan Alexander Smit

Cloud Security Consultant · Azure & Microsoft Security Operations

Quiet by nature, curious by habit, and mildly suspicious of my own competence. I spend my days building detection and response capabilities on Microsoft Azure — and occasionally breaking things to understand how to secure them better.

About Me

I used to be that kid who was scared of turning his hobby into a job. But here I am, doing exactly that — and loving every minute of it. I have had the privilege of working alongside some incredible people and learning from the best in the industry. This journey has been filled with challenges, growth, and above all — a deep gratitude to those who have supported me along the way.

Over the years I've worked as an engineer, architect, and technical manager across a range of environments — from building SOC capabilities at managed security service providers to designing detection and response solutions for large-scale government organisations. I work primarily with Microsoft Sentinel, Defender XDR, and KQL, and I have a particular appreciation for SOAR automation — because life is too short to triage the same alert manually twice!😎

This blog is my way of sharing what I learn along the way — no fluff, just the stuff I wish I'd found sooner. Whether you're a fellow security professional, a student, or just someone curious about cloud security — I hope you find something useful here. And if you ever want to chat about all things cyber security, or just want to say hi — don't hesitate to reach out!

Areas of Expertise

Microsoft Sentinel · Microsoft Defender XDR · Azure Security · KQL · Detection Engineering · SOAR & Automation · Azure Policy & Governance · Infrastructure as Code (IaC) · Entra ID · Threat Modeling · Cloud Adoption Framework (CAF) · Security Architecture · Security Operations · Cloud Operations · Microsoft Security Copilot · Azure Data Explorer (ADX)

Certifications

  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
    May 2021
  • Microsoft 365 Certified: Fundamentals (MS-900)
    December 2020
  • Microsoft Certified: Azure Fundamentals (AZ-900)
    November 2020

Professional Experience & Projects

Cloud Security Consultant

June 2024 – Present

Rubicon Cloud Advisors

Providing cloud security consultancy services focused on security operations, Microsoft security technologies, and supporting enterprise clients with improving detection, response, and security architecture practices.

Security Cluster

Cloud Security Architect/Engineer via Rubicon Cloud Advisors

June 2024 – Present

Belastingdienst (Dutch Tax Authority) — Government

Designing and engineering detection and response capabilities using Microsoft Sentinel and Defender XDR, performing threat modelling, developing KQL detections, and implementing security automation within a large-scale government environment.

Security Operations · Microsoft Sentinel · Microsoft Defender XDR · KQL · Threat Modeling · Detection Engineering · SOAR & Automation · Security Architecture

[Project] - Cyber Security Consultant - Security Copilot

July 2025

1Password

Delivered short-term advisory and implementation support on Microsoft Security Copilot use cases, including NL2KQL detection scenarios and optimisation of Microsoft Defender XDR workflows.

Microsoft Security Copilot · Microsoft Sentinel · Microsoft Defender XDR · KQL (NL2KQL)

Technical Manager Cyber Defense

January 2024 – June 2024

Nedscaper

Led technical direction within the cyber defence domain, overseeing Microsoft Sentinel and Defender XDR security operations, improving detection engineering quality, and driving automation and SOC capability maturity.

Microsoft Sentinel · Microsoft Defender XDR · Security Operations · SOAR & Automation

Cloud Security Engineer

October 2022 – January 2024

Nedscaper

Implemented and maintained SOC detection and response solutions using Microsoft Sentinel and Defender XDR, contributing to incident handling processes and developing SOAR-based security automation.

Microsoft Sentinel · Microsoft Defender XDR · Security Operations · SOAR & Automation

[Project] - Cyber Security Consultant - Microsoft Sentinel content hub solution

September 2024

1Password

Developed and validated Microsoft Sentinel content hub detection use cases, focusing on KQL-based analytics and improving reusable security monitoring content.

Microsoft Sentinel · KQL

Cloud Security Engineer via Nedscaper

October 2022 – October 2023

Achmea

Developed and reviewed ASIM parsers and detection logic in Azure Data Explorer and Microsoft Sentinel, performing KQL quality assurance and supporting detection engineering initiatives.

Azure Data Explorer · KQL · Detection Engineering

Medior Cloud Security Engineer

June 2021 – October 2022

InSpark

Took increased responsibility in designing and improving cloud security controls, mentoring junior colleagues, and contributing to more complex security engineering and consulting engagements.

Microsoft Sentinel · Microsoft Defender XDR · Security Operations · SOAR & Automation

Junior Cloud Security Engineer

August 2020 – June 2021

InSpark

Supported cloud security operations by analysing and triaging security incidents and contributing to monitoring and response activities within a security team.

Microsoft Sentinel · Microsoft Defender XDR · Security Operations · SOAR & Automation

Thesis: Azure Sentinel & Cyber Security

February 2020 – August 2020

InSpark

Conducted research on integrating third-party security solutions with Azure Sentinel in a cloud-based Security Operations Center and analysing correlated threat indicators.

Microsoft Sentinel · Microsoft Defender XDR · Security Operations

Get in Touch

Got a security challenge to talk through, a potential engagement in mind, or just want to connect with someone who thinks KQL is genuinely fun? Find me on LinkedIn — I'd love to hear from you!🙏
