Built by Practitioners,
for Practitioners
IdentityFirst™ was founded by identity security professionals who were tired of the gap between identity risk visibility and action. We built the tool we wished existed.
Our Mission
To give every regulated organisation — regardless of budget — the same level of identity security visibility that was previously only available to organisations with large security teams or expensive consulting engagements.
Identity is the #1 attack vector. Stale accounts, privilege creep, shadow admins, and non-human identities are exploited daily. Most organisations don’t have a clear picture of their exposure — not because they don’t care, but because the tooling to get that picture has been too complex, too expensive, or too slow.
“I built IdentityFirst™ because I kept seeing the same problem: organisations had AD, Entra, AWS, and five other directories — and no clear picture of who had access to what. The manual audit process was taking weeks and producing stale findings by the time the board saw them.”
The Founder
Mark
Founder & Lead Engineer
Identity security practitioner with hands-on experience across Active Directory, Microsoft Entra ID, and multi-cloud identity estates. Built IdentityFirst™ from the ground up — architecture, platform code, connector framework, and this website.
Understands the challenge from both sides: the technical complexity of enterprise identity estates and the need to translate findings into language the board can act on.
Credentials
- ISC2 Certified in Cybersecurity (CC)
- Cyber Essentials Certified
- GDPR / Data Protection Practitioner Certified
- SOC 2 Type II audit in progress (Q1 2026)
What Makes Us Different
Read-Only by Default
We never modify your systems. All connectors operate in discovery mode. Writes require explicit human approval through the platform’s approval workflow. This is a design principle, not a setting.
Deploy in Days, Not Months
No agents, no infrastructure changes. Push-connector architecture means you have first findings within 2–5 business days of onboarding, not after a 12-week implementation project.
Board-Ready Output
Every assessment produces a PDF that the CISO, CFO, and CEO can understand. ICR score, top findings, remediation roadmap, and business impact. Not a spreadsheet of raw data.
Honest About Our Capabilities
We publish our connector tiers publicly. Beta connectors are Beta — we say so. We have 0 Tier 1 GA connectors yet and we’ll tell you when we do. No inflated claims.
Credentials & Certifications
Cyber Essentials Certified
UK government-backed certification. Annual renewal. Covers technical security controls across our infrastructure.
ICO Registered
Information Commissioner’s Office reference ZC031428. UK GDPR compliant data processor.
ISC2 Certified in Cybersecurity
Founder holds ISC2 CC certification. Foundational security principles, incident response, and access control.
SOC 2 Type II In Progress
Audit in progress, Q1 2026. We’ll update this page when certification is confirmed.
Sectors We Serve
UK-based, serving regulated organisations across:
Work With Us
Book a demo, start a POC, or just get in touch to ask a question.