Skip to main content
Joshua Clarke
Joshua Clarke

Joshua Clarke

Secure systems.Build skills.Share what works.

Practical cloud defence, home labs and security automation from Joshua Clarke, a senior cyber security analyst focused on threat hunting and platform abuse.

Ethical, defensive learningBuilt from field experience
Evidence / Field recordYouTube data linked
01Verified signal
8+Years in cyber defence

From managed detection to Azure threat hunting

02Verified signal
177K+Views across practical tutorials

Live channel-wide view count, refreshed hourly

03Verified signal
4.2K+YouTube subscribers

Growing through practical, field-led security content

Choose your route

Operator brief / About

Security operator.Tool builder.Clear communicator.

I'm Joshua Clarke, a Senior Cyber Security Analyst currently focused on Azure fraud and abuse threat hunting across large-scale cloud environments.

I bring a builder mindset to investigations. Alongside hands-on analysis, I create lightweight tooling and repeatable workflows that help analysts move faster, improve consistency and turn complex findings into practical next steps.

KQLPowerShellPythonAzureMicrosoft DefenderSIEM / EDR

What I bring

Investigation depth with delivery discipline.

Four connected capabilities shaped by hands-on security operations, engineering collaboration and practical education.

01

Threat Hunting & Platform Abuse

Develop hypotheses, correlate diverse telemetry and turn ambiguous signals into high-confidence investigative findings.

02

Incident Response & Cloud Forensics

Investigate complex security events and improve repeatable forensic workflows across distributed environments.

03

Analyst Tooling & Automation

Build practical tooling that reduces repetitive work, shortens setup time and makes investigations more consistent.

04

Knowledge Transfer

Translate technical findings into clear recommendations, training and practical education for analysts and learners.

Professional record

Work experience

From enterprise IT and managed detection to consulting, cloud forensics and Azure threat hunting at Microsoft. The through-line is evidence-led investigation, clear communication and tooling that helps analysts move faster.

Current positionSenior Cyber Security AnalystAzure Fraud and Abuse Threat Hunting
2021
Joined Microsoft
Now senior analyst in MSRC
8+
Years in cyber defence
SOC, consulting, cloud and threat hunting
5
Security and IT organisations
Enterprise support through global cloud defence
Microsoft logo

Microsoft

Current

Senior Cyber Security Analyst - Azure Fraud and Abuse Threat Hunting

Dec 2025 - PresentCheltenham, remote

Investigating Azure fraud, abuse and adversarial platform activity across large-scale cloud environments, turning ambiguous signals into findings that support detection, enforcement and disruption.

Threat huntingPlatform abuseAzure telemetry

Selected impact

  • Analyse attacker behaviour, infrastructure patterns, cloud resource usage and abuse tradecraft.
  • Correlate diverse telemetry to develop hypotheses and produce high-confidence investigative findings.
  • Build lightweight tooling that improves investigative depth, speed and repeatability.
Microsoft logo

Microsoft

Senior Cyber Security Analyst - Security Operations, Incident Response and Cloud Forensics

Dec 2023 - Dec 2025Cheltenham, remote

Led cloud forensic and incident response improvements across globally distributed investigations, combining operational delivery with training, mentorship and analyst tooling.

Cloud forensicsIncident responseMicrosoft Defender

Selected impact

  • Designed a serverless forensic platform that reduced analyst setup from hours to minutes.
  • Improved Windows Defender and Defender for Cloud coverage with investigative findings.
  • Delivered specialised incident response, forensics and cloud security training.
Microsoft logo

Microsoft

Cyber Security Analyst II - Security Operations and Incident Response

Jun 2021 - Dec 2023Cheltenham, remote

Led and supported complex investigations across Azure, Microsoft 365, Gaming and corporate environments, including incidents involving advanced threat activity.

Security operationsIncident responseAutomation
Accenture UK logo

Accenture UK

Security Delivery Consultant

May 2020 - Jun 2021United Kingdom

Established and supported a multi-cloud, threat-led security operations service for a government client, protecting critical national cloud infrastructure.

AWS and AzureProtective monitoringService development

Live privacy signal / Approximate

Your IP travels before you do.

This is the coarse location a website can infer from your connection, without asking for GPS permission.

Resolving approximate signal…

Observed location

Locating…

A VPN can mask your public IP and change the location websites infer. It improves privacy, but it does not make you anonymous.

Explore Proton VPNCompare privacy tools

Affiliate link · I may earn a commission at no extra cost to you

Location is approximate and may reflect your ISP or VPN exit server.

YouTube comments / Viewer signal

Proof from the people watching.

A few comments from viewers who found the videos useful in the real world, from lab setup walkthroughs to practical security tooling and incident response walkthroughs.

Network / Open channels

Stay connected.

Follow the investigations, practical labs, new videos and community conversations across the platforms you already use.

Contact / Secure channel

Get in touch.

Have a question, collaboration or speaking opportunity? Send the details and I'll get back to you as soon as possible.

Message composer

Tell me what you need

Please do not send passwords, API keys, customer data or other sensitive material.

Routing details

Contact info