Skip to main content
About Us

Built to make identity risk easier to see

IdentityFirst was founded by people who kept running into the same problem: the risk was there, but the answer was too hard to pull together quickly. We built a simpler way to see it, explain it, and act on it.

Read the Founder Story

Our Mission

Our mission is to make identity risk easier to understand for the people who have to explain it, fix it, or sign it off.

Most teams do not need more data. They need a clear view of what matters, where the risk sits, and what to do next without spending days assembling the story.

“I built IdentityFirst because the same question kept coming back: who has access, what does it reach, and how do we explain it quickly enough for real decisions?”

Mark — Founder, IdentityFirst™

The Founder

Mark

Founder & Lead Engineer

Identity security practitioner with hands-on experience across Microsoft identity environments and hybrid estates. Built IdentityFirst from the ground up, including the platform, connectors, and public website.

The goal is simple: make the risk understandable enough for a board conversation and practical enough for the team that has to do the work.

Credentials

  • ISC2 Certified in Cybersecurity (CC)
  • Cyber Essentials Certified
  • GDPR / Data Protection Practitioner Certified
  • SOC 2 Type II programme in progress
Founder Story

Why I Created IdentityFirst

And why identity security needs a clearer answer than a one-off health check.

For most of my career in identity and security, I kept seeing the same pattern. Organisations believed they understood their identity environment because they had a few tools in place and a passing audit history. The problem showed up when someone asked the harder questions and no one could answer them quickly.

  • Who still has access that should have been removed?
  • Which accounts can reach something sensitive if misused?
  • What changed since the last review?
  • Can we show the evidence in a way that makes sense to the board?

The AD health check problem

Active Directory assessments are useful, but they only inspect one part of a much larger identity estate. Modern organisations operate across many systems at once. Looking only at AD is like inspecting the front door while ignoring every other entrance.

What the industry taught me

The identity security community has produced excellent specialist tools. They exposed hidden escalation paths, legacy misconfigurations, and weak identity resilience under attack conditions. They showed what becomes possible when identity relationships are mapped properly.

The shift from configuration to exposure

The real challenge is now relationships, context, and exposure: how permissions spread, how access paths form, and how one compromised account can become a much bigger problem.

The vision behind IdentityFirst

I created IdentityFirst to close that visibility gap. The goal was not another single-purpose checker, but a clearer way to understand identity behaviour across the whole organisation and answer practical risk questions:

  • Where do the biggest access risks sit?
  • Which accounts could cause the most harm if misused?
  • How is access changing over time?
  • Do policy decisions match real permissions?

Why this matters now

Most modern breaches begin with a misused account rather than a dramatic exploit. If you cannot see how access is spread across systems, you cannot explain the risk or the likely impact with confidence.

IdentityFirst exists because teams were still being asked to make important decisions with too little clarity. This is our attempt to make that easier.

Mark — Founder, IdentityFirst™

What makes us different

Read-only first

We start by looking, not changing. That keeps the first step simple and low risk.

Fast to first value

You should not need a long project before you see something useful. The aim is to get to the first meaningful findings quickly.

Outputs people can read

The result should make sense to the board, the technical team, and the person who has to action it.

Honest about what is live

We keep the product story clear about what is ready now, what is still maturing, and what is not available yet.

Credentials & certifications

Cyber Essentials Certified

A basic public assurance that our security controls are in place and maintained.

ICO Registered

We are registered with the UK regulator and handle data in line with UK GDPR expectations.

ISC2 Certified in Cybersecurity

A personal credential that reflects the security foundation behind the platform.

SOC 2 Type II In Progress

We are working through the programme and will update the page when there is something real to report.

Sectors we serve

We are a good fit where identity risk needs to be explained clearly and acted on quickly:

Financial Services Legal & Professional Services NHS & Healthcare Higher Education Local Government Accountancy Technology

Work with us

Book a demo or get in touch if you want to see whether the platform fits your situation.

Book a Demo Contact Us