The Microsoft Security path I trust with real networks.
Most cybersecurity guides start with the framework. Mine starts with the reality: every Microsoft shop needs defenders, and not enough people know where to begin. Here is the path, in order, from a Microsoft Global Cross Solution Architect who has sat on both sides of the incident room.
My path. In order. The real one.
Before I tell you which certs to take, you should know how I got here. Because security is the area I have lived in longest, and the path I would recommend today is built on a decade of partner-facing security work.
I am not asking you to trust the path because I read about it. I am asking you to trust it because I walked it. From RSA SecurID Access and NetWitness in the field, to Microsoft Security Consultant work at Ingram Micro, to today as a Microsoft Global Senior Cross Solution Partner Solution Architect driving AI- and security-led sales outcomes worldwide.
Here is the timeline.
- 2012-2013 · Ingram Micro · Pre-Sales Engineer (Microsoft ROK / Server Lead). My first real technical role. Led 40+ engineers across Buffalo and Manila on Microsoft Server, Hyper-V, SCVMM, Data Core, Veeam, and Cisco Data Center. Security was not a separate practice yet. It was just how you built systems that did not fall over. That foundation made every security cert easier later.
- 2013-2015 · Ingram Micro · Technical Account Manager (VMware Identity & Access). 2.5 years presenting VMware Identity Access Management at tradeshows, partner expos, and onsite. Managed 300 accounts and supported 62 sales reps. $50-55M annual VMware revenue. This is where identity stopped being theoretical and became something I could explain in a customer boardroom.
- 2015-2018 · Ingram Micro · Security Pre-Sales Technology Consultant II (RSA). 3 years of pure security presales for RSA reseller partners across the US. Architected next-generation Multifactor, SIEM, and network packet capture solutions. Demonstrated RSA SecurID Access and NetWitness Suite (logs, packets, endpoint) to customers and resellers. This is where I learned that great security architecture is the difference between a breach and a save.
- 2018-2019 · RSA Security · Senior Technical Product Marketing Manager (SecurID Access). Owned competitive battle cards that helped sales win opportunities. Created and hosted the internal RSA SecurID Access Monthly Podcast to enable field sales teams. I learned that the best security pros do not just defend systems. They translate capabilities into language buyers understand.
- 2019-2021 · Ingram Micro · Microsoft Security Technology Consultant II. Guided partners through the Microsoft Security practice program. Delivered security workshops and bootcamps aligned to customer risk and compliance needs. This is where I made the formal pivot to the Microsoft Security stack. Defender, Sentinel, Entra. The transition from RSA to Microsoft was not a reset. It was a translation.
- 2021-2025 · Microsoft · Senior Partner Technology Strategist (GPS). 4+ years leading security and cloud strategy with Microsoft partners across territory. Coached partner teams on security positioning, deal progression, and customer commitment. AI-enabled security scenarios came late in this role and reshaped everything.
- 2025-Today · Microsoft · Global Senior Cross Solution Partner Solution Architect. I now lead cross-solution security and AI initiatives across Identity, Endpoint, SIEM, MXDR, and Copilot scenarios. The work is about repeatable security and AI offers that partners can scale. Every conversation I have had since 2012 prepared me for this room.
Every breach I have seen traces back to identity at some point. If you only learn one thing deeply, make it identity.
What this path taught me: security careers compound. The skills I built on RSA SecurID Access in 2015 still apply when I architect Microsoft Entra deployments today. The KQL I write in Sentinel rhymes with the SQL I wrote on NetWitness logs. Nothing is wasted.
That is why I trust this path: SC-900, AZ-900, SC-200, SC-300, SC-100. It is the same arc I walked, just compressed into a sequence you can finish in 12 to 15 months.
Who this is actually for.
I would rather tell you to close this tab than waste your time. So let me be direct about who should keep reading, and who should not.
This path is for you if:
- You are curious about security but the technical depth feels intimidating.
- You are in IT already (help desk, sysadmin, network) and want to specialize in defense.
- You are a developer who keeps hearing security complaints and wants to stop getting blocked.
- You lead a team and need to understand the Microsoft security stack well enough to hire for it.
This path is not for you if:
- You want to be a penetration tester or red-team offensive specialist. That is a different path, often OSCP and CEH.
- You are looking for a non-technical path into cyber. SC-900 is technical enough that you need to be comfortable with Azure concepts.
- You hate reading logs. SOC work is a lot of log reading. Be honest with yourself.
Still here? Good. Let me tell you what usually goes wrong.
The biggest mistakes I see every time.
I have mentored enough people through this path to see the same mistakes on repeat. Each one adds months. One of them can cost you a year.
Jumping to SC-200 before SC-900 and AZ-900
SC-200 is a meaty cert. It assumes you know how Microsoft organizes its security stack and how Azure resources work. Skip the fundamentals and you will spend the first four weeks of SC-200 studying things you should already know. It is the single biggest reason people fail SC-200.
Treating SC-300 like a cert and not a mindset
Identity is the perimeter. If you treat SC-300 like just another cert to pass, you miss the whole point. Every breach story in the last five years has an identity component. Study SC-300 like you are going to be the last line of defense, because in most companies, the identity team is.
Chasing SC-100 without practical experience
SC-100 is an architect cert. It assumes you have designed and defended real systems. I have seen people pass SC-100 on memorization alone, then fail the first real architecture interview because they cannot defend their choices. The cert is the proof. The experience is the preparation.
The sequence, in order, with timing.
Five certs. Twelve to fifteen months of focused work, depending on your pace. Here they are, in the exact order I would take them today.
SC-900
This is the frame. You learn how Microsoft thinks about security across Azure, Microsoft 365, and Entra (formerly Azure AD). Identity, access, compliance, threat detection. If you skip this, every cert after it feels harder than it should be. SC-900 is a fundamentals cert, which means it does not expire.
AZ-900
You cannot defend what you do not understand. Azure is where the workloads live. Get this cert and you stop being the person who says yes to every security request without knowing the impact. Another fundamentals cert, so no expiration.
SC-200
This is where careers change. SC-200 is the SOC analyst cert, covering Microsoft Sentinel, Microsoft Defender XDR, and threat hunting with KQL. This is the cert that gets you into Security Operations Center roles paying $90K to $130K in the US, and it is the one I tell every mentee to aim for if they want to defend in production.
SC-300
Identity is the perimeter. Every breach I have seen in a Microsoft environment traces back to identity misconfiguration at some point. SC-300 teaches you Entra ID (Azure AD) inside and out: conditional access, PIM, identity governance, external identities. This is the cert that makes you indispensable to any M365 shop.
SC-100
The capstone. SC-100 is the expert-level architect cert covering zero trust strategy, security posture management, hybrid and multi-cloud defense, and security governance. This is the cert that moves you from practitioner to architect, and it is required if you want to design security for enterprise customers. Prerequisites: one of SC-200, SC-300, AZ-500, or MS-500.
Total: 31-45 weeks of focused study. $693 USD in exam fees. A credential stack that tells employers you can build, not just talk about.
What to do between certs.
Here is what separates the people who get certified and also get hired from the people who get certified and stay stuck: what they do between exams.
The cert is proof you studied. The project is proof you can build. Employers want both. Here is what I recommend doing in the weeks between each exam:
After SC-900:
- Spin up a free Microsoft 365 developer tenant. Explore the Compliance portal. Click every button. Break nothing.
- Read one cybersecurity incident post-mortem per week. Pick something recent. See how the failure happened. Apply SC-900 concepts to what you read.
- Post one LinkedIn note about what you learned. One paragraph. You are building a public signal that you care about security.
After AZ-900:
- Deploy a virtual network, add a VM, configure NSG rules. Break the connection on purpose, then fix it. You now know Azure networking, not just the exam answers.
- Read 3 Azure security case studies on learn.microsoft.com. Pick industries you care about. See how the patterns repeat.
After SC-200:
- Set up Sentinel in your developer tenant. Ingest some log source, even if it is just Microsoft 365 audit logs. Write your first KQL query. Write ten more.
- Follow two or three Microsoft Security Community creators. See what real SOC analysts discuss. Start forming opinions.
After SC-300:
- Configure Conditional Access policies in your tenant. Break your own login on purpose. Recover from it. You just learned something no exam can teach you.
- Start applying for SOC analyst or identity engineer roles. You have enough credentials. Build in public, document what you deploy, and get in front of hiring managers.
If you can only do one thing between certs: build one tiny project. Not a perfect one. A small, shippable, shareable one. Momentum beats perfection every time.
Thriving, not just surviving.
Most cert guides end at "you passed, congrats, apply for jobs." That is like teaching someone to drive and then dropping them on the highway. Let me tell you what actually happens after you are certified, and how to not just survive it but use it.
Pick an industry, pick a depth
After SC-100, specialize. Healthcare security is not the same as financial services security. Vertical depth pays more than horizontal breadth.
KQL is a lifetime skill
Keep sharpening your Kusto query language. Sentinel, Defender XDR, Log Analytics, Azure Data Explorer. KQL follows you everywhere. Master it.
Read breach reports monthly
Microsoft Digital Defense Report, Verizon DBIR, Mandiant M-Trends. These are free and they are gold. Attackers telegraph their next moves in the last year of data.
Join a Microsoft Security community
Microsoft Security Tech Community, local BSides, Microsoft Security MVPs. Real community compounds.
Renew every cert, every year
Microsoft security associate and expert certs expire annually. Free renewal assessment on Microsoft Learn. Do not let your hard work lapse.
The next step is not another cert
After SC-100, the next move is usually a specialist role or a domain specialization. CCSP, CISSP, or just deep specialization in one Microsoft product like Sentinel or Defender for Cloud.
The cert is the proof. The experience is the preparation.
The 2026 retirement watch.
Microsoft is retiring 11 certifications in 2026. Here is what matters for this specific path:
AZ-500 retires August 31, 2026
Replaced by SC-500 (Cloud and AI Security Engineer Associate). This does not affect the core path above, but if you were planning to add AZ-500 on top of SC-200 or SC-300, take SC-500 instead. It is the modernized replacement with cloud and AI security coverage built in.
SC-200, SC-300, SC-100 are all current
As of April 2026, all three are in good standing with no announced retirement. This path is safe to start today.
Bookmark this page. As Microsoft announces more changes through 2026 and into 2027, I will update this section. Or see Microsoft’s official retirement list:
Walked the path? Come find me.
I am not currently taking new 1-on-1 mentees, but if you have done the work, built the projects, and have real questions, I read every message. And if you are the right fit for what I am building next, we will talk.