Hi, I’m Charbel Nemnom.
I help organizations secure cloud environments—from the cloud, with a practical, engineering-first approach to modern security operations.
I’m a Senior Cloud & Security Architect with 22+ years of hands-on experience designing and defending mission-critical environments. My focus is Microsoft security—Microsoft Sentinel, Microsoft Defender (XDR / Defender for Cloud)—and the architecture, automation, and operational maturity around them.
What I do
I specialize in building and improving cloud security operations that are:
- Deployable — repeatable architecture, “security/SIEM as code”, standardized onboarding
- Operational — clear SOC processes and measurable detection/response outcomes
- Cost-effective — ingestion/retention strategy, tuning, and value-based use cases
How can I help you
If you’re facing any of the below, you’re in the right place:
- Microsoft Sentinel deployment or migration (planning, architecture, onboarding, and go-live)
- SIEM cost optimization (reduce noise + waste, right-tier the data, improve cost/value)
- SOC process design & automation (playbooks, enrichment, incident response workflows)
- Cloud incident response & continuous improvement (post-incident hardening, tuning, detections)
- Custom log ingestion and integrations (connectors, transformations, and operationalization)
- Training (check my current video courses)
How I work
I focus on outcomes and long-term maintainability:
- Strong security foundations (identity, posture, visibility)
- Practical detection engineering and tuning
- Automation that reduces toil and speeds response
- Continuous feedback loops (what’s noisy, what’s missing, what’s worth paying for)
Why I blog
I started this blog in 2013 to share what I learn from real deployments—so others can move faster, avoid pitfalls, and build better solutions. When you share knowledge, you help others. It is rewarding to receive valuable feedback and messages from the community.
Credentials & Certifications
I stay current through continuous training and hands-on delivery across cloud security, SecOps, and enterprise architecture.
Highlights
-
- Microsoft Azure MVP (since 2014)
- Microsoft Certified Cybersecurity Architect Expert
- Certified Cloud Security Professional (CCSP) | ISC2
- Certified Information Security Manager (CISM) | ISACA
- Certificate of Cloud Auditing Knowledge (CCAK) | CSA & ISACA
- Microsoft Certified Azure Solutions Architect
- Microsoft Certified Trainer (MCT)
View full certification list
Cloud security & governance
- Certificate of Cloud Auditing Knowledge (CCAK) | Cloud Security Alliance (CSA) and ISACA
- Certified Cloud Security Professional (CCSP) | ISC2
- Certificate of Cloud Security Knowledge (CCSK) | Cloud Security Alliance
- Certified Information Security Manager (CISM) | ISACA
- Privacy and Data Protection Foundation | EU-General Data Protection Regulation (GDPR)
- COBIT 5 Foundation | ISACA
- Information Security Management Foundation | ISO/IEC 27001
- Business Continuity Management Foundation | ISO/IEC 22301
- Information Security Manager (ISM), Advanced Federal Diploma of Higher Education
Microsoft (Security, Azure, Microsoft 365)
- Microsoft Certified Cybersecurity Architect Expert
- Microsoft Certified Azure Solutions Architect
- Microsoft Certified Trainer (MCT)
- Microsoft Certified Solutions Associate | Microsoft Azure Security Engineer (MCSA)
- Microsoft Certified Solutions Expert | Microsoft 365 Enterprise Administrator Expert (MCSE)
- Microsoft Certified Solutions Expert | Microsoft Azure DevOps Engineer Expert (MCSE)
- Microsoft Certified Solutions Expert | Cloud Platform and Infrastructure (MCSE)
- Microsoft Certified Solutions Associate | Cloud Platform (MCSA)
- Microsoft Certified Solutions Expert | Implementing Software-Defined Datacenter (MCSE)
- Microsoft Certified Solutions Expert | Securing Windows Server 2016 (MCSE)
- Microsoft Certified Solutions Associate | Windows Server 2016 (MCSA)
- Microsoft Certified Solutions Associate | Office 365 (MCSA)
- Microsoft Azure Solutions Architect (MCSD)
- Architecting Microsoft Azure Solutions (MS)
- Developing Microsoft Azure Solutions (MS)
- Implementing Microsoft Azure Infrastructure Solutions (MS)
- Server Virtualization with Windows Server Hyper-V and System Center 2012 R2
- Microsoft Certified Professional (MCP)
- Microsoft Certified Technology Specialist (MCTS)
- Microsoft Certified IT Professional (MCITP)
Google Cloud
- Google Cloud Certified – Associate Cloud Engineer (ACE)
Networking, virtualization & infrastructure
- Cisco Certified Network Professional (CCNP)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Entry Networking Technician (CCENT)
- VMware Certified Associate – Data Center Virtualization (VCA-DCV)
- Aruba Certified Mobility Associate (ACMA)
- Unidesk Certified Professional & Operator (UCP & UCO)
- Sun Certified Solaris Associate (SCSAS)
Service management & project delivery
- Project Management Professional (PMP)
- Information Technology Infrastructure Library (ITIL)
Let’s connect
Need help with Sentinel/Defender, SOC automation, or SIEM cost-value optimization? Reach out via the Contact page and let’s talk.