Elkhan Yusubov from the USA is currently employed as an Azure SME and Senior Manager of Cloud and Infrastructure for T-REX Solutions. He is a tech blogger, public speaker, 14 X MCT (Microsoft Certified Trainer) and currently holds an impressive 57 certifications with 18 certs in Microsoft Azure. Furthermore, Elkhan was recently recognised as a core member of Cloud Lunch and Learn, awarded in recognition of his contributions towards presenting, helping to moderate sessions, and helping in moderating the 48 hours long Cloud Lunch and Learn Marathon 2021. He also recently took part in the Azure Back to School 2021 event by providing a great pre-recorded session on “Managing your Azure environment security guardrails with Azure Bicep”. Elkhan has the tech community at heart and is always willing to go the extra mile to do his part to assist.
Elkhan Yusubov interview
Tell us about yourself?
I am Elkhan, originally from Azerbaijan, who was born during the former USSR times. Luckily, I had a chance to continue my education in Northern Europe after the independence of my country and was blessed to live and raise my family in the USA. Currently, I am serving as an Azure SME and Sr Manager of Cloud and Infrastructure team for T-REX Solutions – a Microsoft partner company.
As a vivid “Cloud Lunch and Learn” community member, I regularly speak and write blogs to share my perspective on Azure architecture, security, and automation topics. My goal is simple – empower and encourage everyone to start a “cloud journey” & #cloudmarathoner is here to help!
Shameless plug: Please, please, please check out the cloud marathoner journey blog.
What is your greatest achievement whilst working in the world of Tech?
My first significant achievement was becoming an MCT in 2007, as I really loved to help people. Way back, there was not much social media and available information to pursue and become a certified tech trainer like MCT. There were much harder requirements, in my opinion. However, through determination (I failed a Pro level exam twice before passing it) and with the support of my friends and family it became a reality. This achievement has opened many doors, speaking on global events, training opportunities, and making good friends around the world.
How did you get into Tech?
It all started when I was in middle school. Our school received fresh IBM 286 computers from the city. There was not any hard drive to persist your code or files, and we had to carry 1.44 MB floppy disks to load MS-DOS (equivalent to an OS nowadays 🙂) and programs and load them into the computer’s memory before doing anything. I wrote my first code in BASIC and then in Borland Pascal language runtimes. After that everything evolved organically, and I was able to land my first programming job after starting college as an instructor trainer to help people learn Windows OS.
How did you get started with Microsoft Azure?
I started exploring Microsoft Azure in 2016, during a small proof-of-concept (PoC) project for a healthcare mobile app. Our team decided to experiment and use my trial Azure account for the upcoming demo, because our team could deploy and test faster, and not depend on the IT team’s timeline. In summary, we saved 2-3 weeks by deploying and integrating our PoC mobile app with external and internal API services and getting things done, instead of waiting for IT to procure and set the servers on the data centre.
What are your areas of expertise? Are you still working with other products apart from Microsoft Azure?
I am an Azure architect with general focus on foundational services in Azure resource management, landing zones, security, and governance. The DevOps (automated pipeline deployments, Azure DevOps, GitHub, etc.) is another area that I work on a day-to-day basis and provide training by helping cloud professionals in my organization and all over the world.
What is Security as Code (SaC)? And what are the benefits?
Security-as-Code is the continuing implementation of systematic security practices throughout the entire software development life cycle. Meaning, integrating security practices in your code and deployments early in the game, or shifting security to the left.
SaC is a part of the DevSecOps approach and adds another layer of security in addition to the contributions of other more specialized security-focused teams and tools. SaC brings the following benefits to your team:
- Raising security awareness of the team members
- Brings better collaboration between development and security teams
- Helps identify vulnerabilities in the code at an early stage and fix or mitigate the risks
- Reduced development cost by earlier identification and resolution of security issues
- Helps integrate security into automation
- Increases the security visibility on deployments
- Make release cycles faster and shorter
- Releasing security patches and updates faster
- Baking security controls and policies into the deployment environments
As an example: SaC is a mindset that bakes in security controls and procedures as repeatable, source-controlled code or scripts into every phase of the Software Development Life Cycle (SDLC).
What would you recommend for those wanting to get started with automation in Azure?
I would start by creating my free Azure account first and then learning basics from Microsoft Learn. Next, I would investigate different automation options in Azure and pick the one that services my specific purpose – the goal that I am trying to achieve. As a beginner you could check the Microsoft Learn module “Choose the best Azure service to automate your business processes” that walks you through some of the available options.
However, if you are already familiar with scripting tools and investigate automation to be done through command line, then you have two obvious choices: PowerShell and Azure CLI – based on your comfort zone you can start with one of them and learn the basics of the other alternative approach.
Is strong knowledge of a programming language required to be able to automate workloads in Azure?
It would help to have strong programming language skills, but it is not required. However, strong curiosity to learn and courage to experiment is strongly required to succeed 😊
What is Azure Bicep? Why is this feature currently a hot topic?
Azure Bicep is a domain specific language (aka, DSL) to author Azure resources. This is not a programming language to create applications. Its primary purpose is to make it easier to declare and understand the Azure infrastructure and its resources in an easy way.
It is a hot topic, because prior to it we had only ARM templates to declare the Azure infrastructure, which is based on JSON representation. The ARM templates can easily become complicated and are not easy to understand and manage, especially for beginners.
What is the difference between Azure Policy, Azure Blueprints and Arm Templates?
We just covered ARM templates in the prior question, so it should be clear.
Azure Policy – is a rule about specific security conditions that you want to be controlled. This rule is built in definitions, where you can define things like controlling what type of resources can be deployed or enforcing the use of not delete locks on all data storage resources.
On the other hand, Azure Blueprints is a declarative way to define a re-usable package of the following Azure resources: Resource Groups, Policy Assignments, Role Assignments and ARM templates that help with environment setup. This way you get a repeatable set of Azure resources that implement and adhere to your organization’s standards, patterns, and requirements. In addition, Blueprints come with parameters that could be passed to ARM templates and Policy assignments.
Also, just keep in mind that Azure Blueprints are still in preview at the time of writing. Learn more about Azure Preview here.
From your experience, what are the common mistakes when securing Azure AD? And how can techies ensure they implement security in Azure AD based on best practices?
Well, Azure AD is not a simple service and requires continuous attention to learn and advance one’s understanding. This includes not just manual administration, but automation of common tasks and user licence management. Azure AD also requires to be configured based on your organization’s security and compliance requirements. That said, not all default settings provide the highest security possible.
However, there are tons of reference materials on each Azure AD feature and a good place to start would be learning basics from Microsoft Learn modules like Manage identity and access in Azure Active Directory and understanding Azure AD pricing module and what benefits it brings.
For those organisations who have concerns that the cloud is not secure, what would you advise?
It seems natural to wonder if your data is safe when it’s stored in the cloud infrastructure. After all, your files, business information, your most valuable assets are being stored on servers that are not under your control. You might wonder how vulnerable these servers are to cyber criminals?
The truth is the data that you store in Cloud Service Providers (CSPs) like Azure data storage accounts are much more likely to be safer than the information you’ve stored in your computer’s hard drive or even your company managed servers. Remember, hackers can use malware and phishing emails to get the information stored on them. They might demand a ransom before providing critical business data files back to you, or even destroy them.
On the other hand, the security measures undertaken by CSPs are likely to be more robust and powerful than what you have protecting your company computers and devices. However, most leaked data from cloud storage is attributed to misconfiguration of cloud storage devices or leaked access credentials like keys.
What’s your advice for companies wanting to migrate to Azure? Where is the best place to start?
Start by exploring and learning, investing in cloud skills, and doing pre-migration assessment. And as usual, don’t forget to get executive management support on migration project(s) before starting the initiative or buy-in from management so to speak.
Once you put enough effort into upskilling and defining realistic migration milestones, then meeting these expectations and conducting the cloud showcases to the senior management will set your migration path on a firm footing.
In case of useful resources consider the following materials:
- Microsoft Learn
- Microsoft Cloud Adoption Framework for Azure (CAF)
- Azure Architecture Centre
- Azure Migration and Modernization program
You have been an MCT (Microsoft Certified Trainer) for over 14 years. How did you become a Microsoft Certified Trainer (MCT)? What’s involved?
This opportunity came up after I passed my first two Microsoft certifications in the web development area in 2006, and I became a Microsoft Certified Technology Specialist (MCTS). After a couple of months, a Microsoft Certified Training company representative reached out to me and offered an opportunity to showcase my instructor skills. Once they liked my energy and excitement, I was offered to attend a week long training called “Trainer the Trainer” and verify my in-class teaching expertise. Once again, I was able to share my passion with students and teach them Microsoft technology and get this instructor skill validation on a certification. However, it took me a couple of tries to pass the last Pro level exam and to become an official MCT in 2007.
Thus, back in 2006, it took me four exams, one-week on-site training and two assessments to become eligible to apply for MCT.
What certifications have you achieved, or the certifications you are working towards?
As of writing, I have 57 certs/badges on Credly (formerly known as Acclaim) and 90% of them are associated with Microsoft, while 18 of them are in Azure certifications.
Currently, I am working towards a few more, newer Microsoft security certifications (released this summer) and a few more certs on other clouds.
Let me mention that starting from this year, I must renew the expiring Azure certs, which is conveniently done thanks to the new Microsoft Learn renewal process. Thus, I am looking forward to strategically retain architecture and security related cloud certifications while trying to continue the #cloudmarathoner journey 😊
For those struggling to take out the time to study for certifications, what would you advise?
Frankly speaking, it is hard to make time, especially if you have family, kids, and many other community responsibilities. However, consistently making time for 15-30 min study before/after work, or even during the lunch breaks every day will set you apart in achieving your certification goals.
Most importantly, you should have a clear understanding on WHY are you doing this certification? Once you have a clear WHY – then the rest will just come over time.
In summary, try not to wait for a suitable occasion to study, go beyond your comfort zone to follow your training whenever you get a chance.
What would you recommend for those wanting to get started with Azure?
No matter how well-versed you are in technology, always start by brushing your fundamentals.
As it is true for most of us, in many cases certifications help us to bridge the knowledge gap by identifying our weak areas and covering them in a consistent way. Thus, stay hungry and open for Azure cloud challenges.
I would also recommend checking the Microsoft training days to get started with Azure.
What’s next in your Microsoft Azure journey?
My next Microsoft Azure journey is to go after remaining Microsoft Azure Security certs and become more hands-on in implementing different aspects of the SaC approach.
Let me ask a question to our readers: how many active security certifications does Microsoft Azure have?
Check your answer on Microsoft certification poster 👍
The most important question of all 😊
On a scale from 1 – 10, how crazy are you about Microsoft Azure? (10 being the highest).
I will rate it as 11 😊
End of interview