Consulting at Affirma meant touching about 20 different client environments over 18 months. Some were in decent shape and just needed specific work done. Others hadn’t had anyone look at the fundamentals in years and needed triage before anything else.

The most interesting engagement was an internal penetration test against a client’s Active Directory environment. Old AD environments accumulate problems over time: stale accounts that never got removed, service accounts with more permissions than anyone can remember the reason for, Kerberoastable SPNs sitting there waiting, NTLM relay opportunities that exist because the environment predates the mitigations. This one had all of it. The test surfaced issues across authentication protocols, privileged account management, and network segmentation.

Writing the report took longer than the test. Findings are only useful if someone can act on them, and the people reading it weren’t all AD specialists. I had to explain what Kerberoasting is, why it matters, and what actually needs to change — not just list CVEs and call it done.

The rest of my time at Affirma was O365 migrations. Around 20 clients, most of them moving on-premises Exchange to Exchange Online. Each one involved tenant setup, mail coexistence during transition, cutover planning, and cleanup afterward. A few also wanted SharePoint and Teams rolled out at the same time. Firewall and WAN work overlapped with all of this — Dell SonicWall, Fortinet, and Palo Alto configurations across client networks.

The thing consulting beat into me: document everything and train the people who are staying. If you can’t hand it off cleanly, you haven’t finished the job.