Public website surface: marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
About Us

Built to make identity risk easier to see

IdentityFirst was founded by people who kept running into the same problem: the risk was there, but the answer was too hard to pull together quickly. We built a simpler way to see it, explain it, and act on it.

The public story stays inside the real product boundary.

Evidence-first identity security that starts read-only and keeps humans in control.

Evidence-first

Evidence-first reporting that makes identity risk easier to explain and prioritise.

Read-only day one

Read-only on day one so teams can start without changing production systems.

Human-approved writes

Any write path stays human-approved. IdentityFirst does not claim autonomous action.

Public messaging stays within current product boundaries and explicitly published connector status.

Our Mission

Our mission is to make identity risk easier to understand for the people who have to explain it, fix it, or sign it off.

Most teams do not need more data. They need a clear view of what matters, where the risk sits, and what to do next without spending days assembling the story.

“I built IdentityFirst because the same question kept coming back: who has access, what does it reach, and how do we explain it quickly enough for real decisions?”

Mark — Founder, IdentityFirst™

The Founder

Mark

Founder & Lead Engineer

Identity security practitioner with hands-on experience across Microsoft identity environments and hybrid estates. Built IdentityFirst from the ground up, including the platform, connectors, and public website.

The goal is simple: make the risk understandable enough for a board conversation and practical enough for the team that has to do the work.

Credentials

  • ISC2 Certified in Cybersecurity (CC)
  • Cyber Essentials Certified
  • GDPR / Data Protection Practitioner Certified
  • SOC 2 Type II programme in progress

Founder Story

Why I Created IdentityFirst

And why identity security needs a clearer answer than a one-off health check.

For most of my career in identity and security, I kept seeing the same pattern. Organisations believed they understood their identity environment because they had a few tools in place and a passing audit history. The problem showed up when someone asked the harder questions and no one could answer them quickly.

  • Who still has access that should have been removed?
  • Which accounts can reach something sensitive if misused?
  • What changed since the last review?
  • Can we show the evidence in a way that makes sense to the board?

The AD health check problem

Active Directory assessments are useful, but they only inspect one part of a much larger identity estate. Modern organisations operate across many systems at once. Looking only at AD is like inspecting the front door while ignoring every other entrance.

What the industry taught me

The identity security community has produced excellent specialist tools. They exposed hidden escalation paths, legacy misconfigurations, and weak identity resilience under attack conditions. They showed what becomes possible when identity relationships are mapped properly.

The shift from configuration to exposure

The real challenge is now relationships, context, and exposure: how permissions spread, how access paths form, and how one compromised account can become a much bigger problem.

The vision behind IdentityFirst

I created IdentityFirst to close that visibility gap. The goal was not another single-purpose checker, but a clearer way to understand identity behaviour across the connected identity systems in scope and answer practical risk questions:

  • Where do the biggest access risks sit?
  • Which accounts could cause the most harm if misused?
  • How is access changing over time?
  • Do policy decisions match real permissions?

Why this matters now

Most modern breaches begin with a misused account rather than a dramatic exploit. If you cannot see how access is spread across systems, you cannot explain the risk or the likely impact with confidence.

IdentityFirst exists because teams were still being asked to make important decisions with too little clarity. This is our attempt to make that easier.

Mark — Founder, IdentityFirst™

What makes us different

Read-only first

We start by looking, not changing. That keeps the first step simple and low risk.

Fast to first value

You should not need a long project before you see something useful. The aim is to get to the first meaningful findings quickly.

Outputs people can read

The result should make sense to the board, the technical team, and the person who has to action it.

Honest about what is live

We keep the product story clear about what is ready now, what is still maturing, and what is not available yet.

What IdentityFirst is not

We keep the public story narrow so buyers know what is real now and what still requires explicit approval or scope.

Not an autonomous remediation engine

IdentityFirst does not claim self-directed action in customer environments. Any write path stays human-approved.

Not a day-one change programme

The starting point is read-only evidence and reporting, not immediate production change.

Not an inflated compatibility story

We keep connector and product claims tied to what is explicitly published, not broad implied coverage.

Credentials & certifications

Cyber Essentials Certified

A basic public assurance that our security controls are in place and maintained.

ICO Registered

We are registered with the UK regulator and handle data in line with UK GDPR expectations.

ISC2 Certified in Cybersecurity

A personal credential that reflects the security foundation behind the platform.

SOC 2 Type II In Progress

We are working through the programme and will update the page when there is something real to report.

Attestation register

Current public trust statements as of April 22, 2026. This is a website-level record of what we state today, not a substitute for due diligence.

Certified

Cyber Essentials

Publicly stated as certified. This is a company assurance claim, not a claim that every customer deployment inherits that status.

Registered

ICO registration

Publicly stated as ICO Registered under reference ZC031428.

Founder credential

ISC2 Certified in Cybersecurity

A founder-level credential. It supports the leadership profile; it is not a company certification.

In progress

SOC 2 Type II

Publicly stated as in progress. We do not present SOC 2 Type II as completed certification.

In progress

ISO/IEC 27001 ISMS

Publicly stated as underway on the trust surface. We do not present ISO/IEC 27001 as certified today.

In progress

Cyber Essentials Plus

Publicly stated as underway following Cyber Essentials certification. It is not presented as completed.

Sectors we serve

We are a good fit where identity risk needs to be explained clearly and acted on quickly:

  • Financial Services
  • Legal & Professional Services
  • NHS & Healthcare
  • Higher Education
  • Local Government
  • Accountancy
  • Technology

Work with us

Book a demo or get in touch if you want to see whether the platform fits your situation.
