Hi, I'm Matthew Pollock.

Azure Cloud & Security Architect
AI does the ops. I own the guardrails.

Scroll Down

About Me

  • I like technology that actually works. Not hype, not complexity for the sake of it – just smart, practical solutions that solve real problems.
  • My approach to IT is straightforward: learn what’s useful, implement it properly, and make things better.
  • I don’t follow trends just because they’re trends. If a new technology makes sense, I’ll dig into it, test it, and figure out how to use it in a way that improves reliability, efficiency, and security. If it doesn’t? I move on.

What I Focus On:

  • ✅ Learning with purpose – staying ahead, but only where it counts
  • ✅ Making things work – cloud, security, automation, and lately AI agents doing the heavy lifting
  • ✅ Cutting through the noise – useful tech over pointless buzzwords
  • ✅ Helping others – sharing knowledge when it actually benefits someone

IT should be effective, not overcomplicated. If something needs fixing, I’ll fix it. If it can be improved, I’ll improve it. And if it’s just a waste of time? I’ll call it what it is.

The AI bet is the current chapter. Most of my routine work now runs through AI agents – but on my terms: their own locked-down identity, read-only until I say otherwise, and nothing privileged happens without my sign-off. AI is brilliant at doing the work; it still needs an adult in the room. I write about how that actually goes – including the messy parts – over on the blog.


Career

AX Ltd

Cloud & IT Infrastructure Lead December 2024 - Present

  • The estate: I look after the whole Microsoft stack for a 500+ person business – identity from on-prem AD through Entra ID, the email estate from Exchange Online to Mimecast, endpoints in Intune, and the Azure platform underneath it all. Security is the backbone of every part of it.
  • Security operations: Defender and Sentinel are the daily workbench – audit, remediate, validate, repeat – with KQL doing the digging when something looks off.
  • AI operations: The majority of routine work here is executed by AI agents (Claude Code, Codex, Ollama, Opencode) under a governance model I built: a dedicated least-privilege identity with just-in-time elevation, read-only by default, plan-before-execute approval on anything privileged, and everything logged. AI does the ops; I own the guardrails.
  • AI platforms: Designed and shipped two production AI applications on Azure – customer interaction analytics and operational decision support – from first whiteboard sketch to daily business use.
  • Zero physical servers: Decommissioned the last on-premises domain controllers and physical hosts across every site – for the first time in the company’s history there is no server room to worry about, and no hardware refresh cycle to budget for.
  • Everything through the pipeline: Infrastructure change lands as code through Azure DevOps – Bicep and PowerShell, reviewed, repeatable, and rollback-friendly.

AX Ltd

IT Infrastructure Manager January 2017 - December 2024

  • Directed a full-scale cloud migration to Microsoft Azure, decommissioning primary and secondary data centres and moving the company from hardware refresh cycles to a consumption-based model.
  • Managed and mentored a team of five infrastructure engineers, delivering key projects including SD-WAN deployment, network modernization, virtualization platform refreshes, and datacentre relocations.
  • Designed and implemented infrastructure for new remote depot sites, reducing deployment times while ensuring seamless integration with existing systems.
  • Optimized vendor relationships and licensing agreements while maintaining compliance and service quality.

AX Ltd

Senior IT Infrastructure Engineer November 2011 - January 2017

  • Designed and executed multiple Microsoft Exchange migrations and domain controller refreshes, achieving improved performance, reliability, and a reduction in hardware requirements.
  • Implemented and optimized Azure AD services, including MFA, Conditional Access policies, and Privileged Identity Management, ensuring secure identity management across hybrid environments.
  • Deployed Microsoft Intune and the Defender suite, enhancing endpoint security and streamlining device management to support a mobile-first workforce.
  • Spearheaded security enhancements, introducing email hygiene solutions, refining Active Directory Group Policies, and improving governance to strengthen the organization's overall security posture.
  • Delivered advanced infrastructure monitoring and troubleshooting processes, leveraging automation to reduce incident resolution times and improving system reliability.

Certifications

Cloud Technologies

Self Study 2021 - Present

  • Microsoft Certified: Azure Solutions Architect Expert (AZ-305)
  • Microsoft Certified: Azure DevOps Engineer Expert (AZ-400)
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Microsoft Certified: Azure Administrator Associate (AZ-104)
  • AWS Certified: Solutions Architect Associate (SAA-C02)
  • AWS Certified: Cloud Practitioner (CLF-C01)
  • Microsoft Certified: Azure Fundamentals (AZ-900)

Microsoft Server Technologies

Self Study 2001 - 2019

  • MCP, MCSA, MCSE, MCTS, MCITP
  • Microsoft Windows Server 2003/2008/2012
  • Microsoft Exchange 2010/2013
  • 17 Microsoft certifications and counting – the full transcript lives on Microsoft Learn.

Skills

  • Cloud Technologies
  • AI Operations & Governance
  • Systems Administration
  • Scripting & Automation
  • Architect & Implementation
  • Management & Development
  • Security & Compliance

Key Skills

  • Microsoft Azure: Design, migration, and day-to-day running of the platform – Entra ID, Intune, PIM, Microsoft Sentinel, Azure Monitor, Azure Automation, Azure Backup, Azure Site Recovery, Key Vault, Azure Policy, Azure Arc, and Bastion.
  • AI Operations: Agentic AI (Claude Code, Codex, Ollama, Opencode) running production IT operations under a governance model built on least privilege – dedicated agent identity, JIT elevation, read-only by default, human sign-off on anything privileged, full audit trail.
  • AI Platforms: Two production Azure AI applications in daily business use – customer interaction analytics and operational decision support – owned end to end: architecture, IaC, CI/CD, security, and operations.
  • Identity & Access Management: Microsoft Entra ID (Azure AD), Conditional Access, MFA, SSPR, PIM, hybrid AD, and Group Policy – identity is the perimeter now, and I treat it that way.
  • Microsoft Security Suite: Defender for Endpoint, Defender for Identity, Defender for Cloud, and Microsoft Sentinel with KQL for detection and investigation.
  • Governance & Data Protection: Microsoft Purview, Azure Policy, Azure Backup, and Site Recovery – keeping the estate compliant, protected, and recoverable.
  • Email Estate: Exchange 2010 through Exchange Online – on-premises, hybrid, and migrations between all of them – plus Mimecast administration and email hygiene done properly.
  • Collaboration Platforms: Microsoft 365 administration – Exchange Online, Teams, and SharePoint Online.
  • Windows Server: 2003 through 2022, from installation to decommissioning – and I’ve now personally retired every physical server I ever built.
  • Cloud Networking: DNS, firewalls, VPNs, Azure WAF, load balancing, Cato SD-WAN/SASE, and network peering across hybrid environments.
  • Infrastructure as Code: Bicep, Terraform, ARM templates, and CloudFormation – if it can be code, it should be code.
  • Scripting & Automation: PowerShell, Azure CLI, and Python for automating anything worth doing twice.
  • DevOps Practices: Azure DevOps CI/CD pipelines, GitHub Actions, and working knowledge of Docker, Kubernetes, and AKS.
  • AWS: IAM, EC2, S3, Route53, VPCs, and CloudFormation – the second string to the bow.
  • Leadership: Mentoring engineers, wrangling vendors and budgets, and keeping IT strategy pointed at what the business actually needs.
  • Documentation & Training: Runbooks, technical documentation, and training sessions that people actually use.

Personal Projects