Skip to main content
GosselinkICT
GosselinkICT
GOSSELINK ICT · CLOUD SECURITY & AZURE

SHARING WHAT I KNOW ABOUT
CLOUD SECURITY & AZURE ARCHITECTURE

30+ years in IT, a head full of certifications and a passion for Azure, security and infrastructure-as-code. This is where I share what I've learned.

READ THE BLOG AREAS OF EXPERTISE →
CISSP · CCSP · CKA · Azure Architect Expert · SC-100
Cyber security
WHY THIS SITE?

CLOUD IS POWERFUL.
BUT THE LEARNING CURVE IS REAL.

Azure moves fast — new services, new security features, new compliance requirements. Keeping up is a full-time job. I write about the topics I work with every day so that others can learn from what I've figured out along the way.

💡

PRACTICAL KNOW-HOW

No fluff, no marketing speak. Real patterns, real configs, real lessons from production environments.

🛡️

SECURITY FIRST

Zero Trust, identity hardening, Defender for Cloud, Sentinel — security isn't an afterthought, it's the starting point.

🔧

EVERYTHING AS CODE

Bicep, pipelines, policy-as-code. If it can be automated and version-controlled, it should be.

ABOUT ME

NOT JUST CERTIFICATIONS.
DECADES OF HANDS-ON EXPERIENCE.

Theo Gosselink
Theo Gosselink
Founder · Gosselink ICT

Hi, I'm Theo Gosselink. With more than 30 years in IT — spanning on-prem infrastructure, software development and cloud architecture — I enjoy digging into complex Azure challenges and sharing what I find.

This site is my way of giving back to the community. I write about the things I work with daily: landing zones, security baselines, identity, IaC and DevSecOps. If something I've written saves you a few hours — that's a win.

  • Certifications: CISSP, CCSP, SC-100, AZ-305, AZ-500, CKA
  • Focus areas: Azure architecture, cloud security, compliance
  • Approach: everything as code — Bicep, pipelines, policy
  • Languages: Dutch and English
  • Experience: enterprise, public sector and SMB environments
FULL BIO & CERTIFICATIONS →
AREAS OF EXPERTISE

TOPICS I WRITE & TALK ABOUT.
BUILT FROM REAL-WORLD EXPERIENCE.

These are the domains I've spent most of my career working in. Each one comes up regularly in the blog posts, guides and resources I share on this site.

PLATFORM

AZURE LANDING ZONES

Enterprise-scale landing zones aligned to the Cloud Adoption Framework: management groups, policy, identity, hub-and-spoke networking, logging — all deployed via Bicep.

SECURITY

ZERO TRUST & IDENTITY

Conditional Access, PIM, passwordless, workload identities and Defender for Cloud baselines — turning Entra ID into a real security perimeter.

MIGRATION

CLOUD MIGRATION & MODERNISATION

Moving workloads from on-prem and legacy clouds to Azure. App Service, AKS, Azure SQL, Functions — with cost awareness from day one.

DEVSECOPS

IaC & CI/CD PIPELINES

GitHub Actions and Azure DevOps pipelines with policy-as-code, secret scanning, SAST, DAST, and automated drift detection.

COMPLIANCE

NIS2 / ISO 27001 IN AZURE

Mapping controls to Azure Policy, Defender for Cloud regulatory compliance and Sentinel analytics — making audit evidence continuous and automated.

SOC / SIEM

MICROSOFT SENTINEL

Sentinel workspace design, data connectors, analytics rules and SOAR playbooks — building a working SOC stack from scratch.

GET INVOLVED

WAYS TO CONNECT
AND LEARN TOGETHER.

  1. 01

    READ THE BLOG

    Start here.

    I regularly publish articles on Azure architecture, cloud security, IaC and compliance. Each post comes from real-world scenarios and includes practical examples you can use.

  2. 02

    JOIN THE CONVERSATION

    Share your thoughts.

    Found something useful? Disagree with an approach? Have a better way? Reach out on LinkedIn or by email — I genuinely enjoy exchanging ideas with fellow professionals.

  3. 03

    SUGGEST A TOPIC

    What would you like to see covered?

    If there's an Azure or security topic you're struggling with, let me know. The best posts on this site started as a question from someone in the community.

TECHNOLOGY

BUILT WITH ENTERPRISE-GRADE TOOLS.
CHOSEN FOR FIT — NOT FOR HYPE.

PLATFORM & IDENTITY

Microsoft AzureEntra IDAzure Policy Management GroupsPrivate Endpoints

SECURITY & COMPLIANCE

Defender for CloudMicrosoft Sentinel Conditional AccessPIMKey Vault Zero Trust

IaC & DEVSECOPS

BicepGitHub Actions Azure DevOpsPSRule

WORKLOADS

AKSApp ServiceAzure Functions Azure SQLAPI ManagementContainer Apps

All solutions can be hosted in EU regions for full GDPR & NIS2 alignment.

FAQ

THINGS PEOPLE ASK ME
ABOUT THIS SITE AND MY WORK.

WHO IS THIS SITE FOR?

Anyone working with — or interested in — Microsoft Azure, cloud security and infrastructure-as-code. Whether you're an engineer, architect, team lead or just curious, you'll find practical content here.

CAN I USE YOUR CODE EXAMPLES IN MY OWN PROJECTS?

Absolutely. Everything I share is meant to be used. If a blog post or snippet helps you solve a problem, that's exactly why it's here.

HOW OFTEN DO YOU PUBLISH?

When I have something worth sharing. I don't write to a schedule — I write when I've learned something useful or solved an interesting problem.

CAN I SUGGEST A TOPIC?

Please do. Send me an email or reach out on LinkedIn. The best articles start as questions from the community.

DO YOU SPEAK AT EVENTS OR MEETUPS?

Yes — happy to talk about Azure architecture, security or DevSecOps at community events. Get in touch if you'd like me to present.

WHERE ARE YOU BASED?

The Netherlands. I write in English to reach the widest possible audience, but I'm equally comfortable in Dutch.

CURIOUS ABOUT AZURE & CLOUD SECURITY?
LET'S LEARN TOGETHER.

Check out the blog, connect on LinkedIn, or drop me an email. I'm always happy to talk shop, answer questions or just geek out about Azure.

EXPLORE THE BLOG