matt@pollockweb:~$

~$ whoami

Matthew Pollock

Azure Cloud & Security Architect

> AI does the ops. I own the guardrails.

~$ cat about.md

About me

Matthew Pollock
  • I like technology that actually works. Not hype, not complexity for the sake of it – just smart, practical solutions that solve real problems.
  • My approach to IT is straightforward: learn what’s useful, implement it properly, and make things better.
  • I don’t follow trends just because they’re trends. If a new technology makes sense, I’ll dig into it, test it, and figure out how to use it. If it doesn’t? I move on.

What I focus on

The AI chapter

Most of my routine work now runs through AI agents – but on my terms: their own locked-down identity, read-only until I say otherwise, and nothing privileged happens without my sign-off. AI is brilliant at doing the work; it still needs an adult in the room. I write about how that actually goes – including the messy parts – over on the blog.

download cv

~$ git log --oneline career/

Career

Cloud & IT Infrastructure Lead — AX Ltd

Dec 2024 – present
  • The estate: I look after the whole Microsoft stack for a 500+ person business – identity from on-prem AD through Entra ID, the email estate from Exchange Online to Mimecast, endpoints in Intune, and the Azure platform underneath it all. Security is the backbone of every part of it.
  • Security operations: Defender and Sentinel are the daily workbench – audit, remediate, validate, repeat – with KQL doing the digging when something looks off.
  • AI operations: The majority of routine work here is executed by AI agents (Claude Code, Codex, Ollama, Opencode) under a governance model I built: a dedicated least-privilege identity with just-in-time elevation, read-only by default, plan-before-execute approval on anything privileged, and everything logged.
  • AI platforms: Designed and shipped two production AI applications on Azure – customer interaction analytics and operational decision support – from first whiteboard sketch to daily business use.
  • Zero physical servers: Decommissioned the last on-premises domain controllers and physical hosts across every site – for the first time in the company’s history there is no server room to worry about, and no hardware refresh cycle to budget for.
  • Everything through the pipeline: Infrastructure change lands as code through Azure DevOps – Bicep and PowerShell, reviewed, repeatable, and rollback-friendly.

IT Infrastructure Manager — AX Ltd

Jan 2017 – Dec 2024
  • Directed a full-scale cloud migration to Microsoft Azure, decommissioning primary and secondary data centres and moving the company from hardware refresh cycles to a consumption-based model.
  • Managed and mentored a team of five infrastructure engineers, delivering key projects including SD-WAN deployment, network modernization, virtualization platform refreshes, and datacentre relocations.
  • Designed and implemented infrastructure for new remote depot sites, reducing deployment times while ensuring seamless integration with existing systems.
  • Optimized vendor relationships and licensing agreements while maintaining compliance and service quality.

Senior IT Infrastructure Engineer — AX Ltd

Nov 2011 – Jan 2017
  • Designed and executed multiple Microsoft Exchange migrations and domain controller refreshes, achieving improved performance, reliability, and a reduction in hardware requirements.
  • Implemented and optimized Azure AD services, including MFA, Conditional Access policies, and Privileged Identity Management, ensuring secure identity management across hybrid environments.
  • Deployed Microsoft Intune and the Defender suite, enhancing endpoint security and streamlining device management to support a mobile-first workforce.
  • Spearheaded security enhancements, introducing email hygiene solutions, refining Active Directory Group Policies, and improving governance to strengthen the organization’s overall security posture.

~$ ls certifications/ --sort=level

Certifications

AZ-305 · expert

Microsoft Certified: Azure Solutions Architect Expert

AZ-400 · expert

Microsoft Certified: DevOps Engineer Expert

AZ-500 · associate

Microsoft Certified: Azure Security Engineer Associate

AZ-104 · associate

Microsoft Certified: Azure Administrator Associate

SAA-C02 · associate

AWS Certified Solutions Architect – Associate

legacy · 2001–2019

MCP, MCSA, MCSE, MCTS, MCITP – Windows Server & Exchange

17 Microsoft certifications and counting – the full transcript lives on Microsoft Learn.

~$ htop --sort-key=proficiency

Skills

The detail