James Duncan

Security Cloud Solutions Architect at Microsoft

Personal Statement

Senior security professional with and primary interests in the Development Security and Adversarial AI/ML spaces. Security must be thought of in the design and attested throughout the entire process.

Professional Experience

Security Cloud Solutions Architect

September 2022 - Present

My current role at Microsoft enables me to play a pivotal strategic role in Microsoft's catalogue offerings. I currently work alongside Mark Simos (Lead Security Architect) developing a comprehensive DevSecOps module for Microsoft's enterprise support contract. The module focuses on upskilling the strategic and technical direction of a customer's DevSecOps environment, helping them shift left effectively. Whilst I strategically engage with Microsoft, I also technically engage with industry and have had several technical wins including displacing CrowdStrike, CyberReason, and McAfee out of a customer's server estate and fully supporting the customer to deploy and utilise Defender for servers, resulting in a 300% increase of billed revenue YoY.

Microsoft CyberFirst Program Lead

September 2021 - Present

Since joining Microsoft, I have actively led our engagement with NCSC's CyberFirst Scheme. Due to my leadership we have grown Microsofts investment in the programme with the total value reaching £400k per annum. I manage the schools outreach program, offering Cyber Security Volunteering opportunities across the UK, supporting 115+ schools across 6 regions. I also contribute to the CyberFirst Bursary program, facilitating summer placements for 9 security teams across 2 organizations in 2024, resulting in placements for 18 students and generating over 3.5 years of internship work. Students placed with Microsoft undertake impactful projects, contributing to our security measures or acting as customer advocates. Notably, one student developed a solution during their placement that generated £300k in threat intelligence sales.

Rolls-Royce (CyberFirst Placement), Cyber Security Associate

June 2019 - August 2019

Worked as an associate at Rolls-Royce as part of the CyberFirst bursary Scheme. During my time at Rolls-Royce I worked with Information Assurance, Cyber Operations, Forensics and Risk Management. During this experience I got my first taste of Development security and evaluated SAST & DAST tools for purchase as part of Rolls-Royce's DevSecOps program. This placement gave me a deeper understanding of all areas of Cyber Security helping me to pivot and find my niche.

Work Placement Student at Rolls-Royce

June 2019 - August 2019

Worked at Rolls-Royce as a placement student for a period of 8 weeks. During my time I experienced a compressed version of the IT Graduate Scheme specifically around Cyber Security. I worked with Information Assurance, Cyber Operations (Security Operations Centre), Forensics and Risk Management. I learnt a lot on this placement and particularly enjoyed my time in the SOC and Forensics as this felt technical but also challenging. However, working in other areas gave me an understanding on how the business functions and I found myself enjoying information assurance and other relevant roles.

Fujitsu (CyberFirst Placement), Risk Management Developer

July 2018 - September 2018

Worked at Fujitsu as a Risk Management Developer as part of the CyberFirst Bursary Scheme. During my time I developed an Information Security Risk Management Tool in C# in response to the demise of Fujitsu's IS1 tool. The developed tool used multiple standards including ISO 27001, NIST and CCM Controls to generate risk metalanguage to form part of a full risk assessment. In hindsight this project was a precursor to many Cloud Security Posture Management (CSPM) tools we see today to attest cloud compliance.

Computer Science Teacher (Teacher Training)

June 2018 - July 2018

Teaching experience as part of my degree program specialising in computer science with Teacher training. The course was designed to enable the student to get a degree in computer science and a PGSE after graduation. I worked in a school environment, learning how to apply educational pedagogies to teaching in practice. This significantly built up my soft skills and fueled a passion for helping people achieve more. Whilst there I had the opportunity to teach basic python and Computer Theory such as deadlocks and race conditions. Due to a change in course structure resulting in having to drop core computer science modules to pursue teacher training I dropped this course opting to prioritise computer science modules.


University Of Hull - BSc Computer Science (1st Class)

September 2017 - July 2020

During my time at Hull University, I had the opportunity to study a wide range of subjects, including machine learning and data science systems. While my modules focused primarily on software development, I strategically augmented my studies with a keen interest in Cyber Security. This dual approach allowed me to cultivate a comprehensive understanding of both disciplines, enriching my academic experience and broadening my skill set. My dissertation focused on replicating the functionality of the Enigma Machine and comparing it to modern-day encryption techniques such as AES. This research endeavor not only deepened my understanding of encryption methodologies but also fortified my resolve to explore the evolving landscape of cybersecurity.

Certificates & Awards


- Certified DevSecOps Professional
- GitHub Advanced Security
- Microsoft Cyber Security Architect Expert
- Security Operations Analyst Associate
- Identity and Access Administrator Associate
- Information Protection and Compliance Administrator Associate
- Azure Fundamentals

CSU Pace Setters, Microsoft - 2024

Recognized as one of 30 of the highest achieving security architects in Microsoft worldwide with my selection as a CSU pace setter.


  • Cyber Security
  • DevSecOps
  • Cloud Security
  • Security Architecture
  • Security Strategy
  • Information Security
  • Linux
  • Azure


DevSecOps for Azure [In Progress], Pakt

Technical Reviewer for DevSecOps for Azure written by Joylynn Kirui and David Okeyode

Contributor to the Microsoft Security Development Lifecycle (SDL)


Understanding the Attack Surface of the Open-Source Software Supply Chain

https://www.linkedin.com/pulse/understanding-attack-surface-open-source-software- supply-james-duncan