Skip to content
View vaculikgeorge's full-sized avatar

Block or report vaculikgeorge

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
vaculikgeorge/README.md

George Vaculik

Senior Microsoft cloud security architect at the intersection of identity modernisation, governance, and IaC supply-chain integrity.

Based in the Czech Republic.


What I work on

Everything-as-code is how I build Microsoft cloud environments I can actually prove. Two principled perimeters — one for human access, one for pipeline identity — are what make it safe. The same thesis applies across every engagement; the depth comes from seeing the pattern repeat in different shapes.

Topic pillars:

  • Identity modernisation — AD FS retirement to Microsoft Entra ID cloud authentication, hybrid AD/Entra assessment frameworks, tier-based hardening for legacy domains, federated-to-cloud migration patterns.
  • Privileged access design — PIM (roles/groups/resources), Conditional Access auth contexts, JIT for ADO/GitHub.
  • Secure delivery of governance — WIF, UAMI, no-PAT pipelines, three-domain Terraform with separation of duties.
  • Tenant-write supply chain — who writes to Entra, how it's gated, audit posture.
  • ALZ with a security lens — management-group hierarchy and policy assignment for security-first tenants.
  • Edge cases and gotchas — MG-scoped WIF bootstrap, Conditional Access auth-context binding, PIM activation timing.

Where I write

trustanchor.pro — production patterns from identity modernisation, financial-sector application security, M365 tenant migrations, MSSP platforms, Azure Arc unified control plane, and global cybersecurity policy delivery. Hugo + GitHub Pages.

Editorial frame: identity governance and the IaC supply chain that delivers it are one design problem at different scopes.


Connect

LinkedIn linkedin.com/in/vaculikgeorge
Microsoft Learn learn.microsoft.com/users/vaculikgeorge

Certifications

Cert Title Tier Year
SC-100 Cybersecurity Architect Expert 2025
MS-102 Microsoft 365 Administrator Expert 2024
AZ-500 Azure Security Engineer Associate 2026
SC-200 Security Operations Analyst Associate 2025
SC-300 Identity & Access Administrator Associate 2023

If any of this resonates

Whether you're modernising AD FS to Entra ID, hardening privileged access, designing landing zones at scale, or getting PATs and client secrets out of your delivery pipelines — let's talk.


The principles are universal. The implementations are Microsoft.

Pinned Loading

  1. maester-zta-demo maester-zta-demo Public

    HTML

  2. maester365/maester maester365/maester Public

    Maester is a test automation framework to help you stay in control of your Microsoft security configuration.

    HTML 983 263