Michele Leroux Bustamante
CEO, Solliance Inc; Founder PolicyServer; Cloud / Security Architect; Microsoft RD
San Diego, California, United States
Actions
Michele Leroux Bustamante is Cofounder and CEO at Solliance (solliance.net), Founder of PolicyServer (policyserver.com), in addition to being a Cloud / Security architect, and a Microsoft Regional Director since 2003. Michele is recognized in many fields including software architecture and design, identity and access management, cloud and microservices architectures, security and compliance, and DevOps. During the past 25 years, Michele has held senior executive positions at several organizations, assembled and led high performing teams, and drove delivery and customer success at scale. Michele provides technical and business leadership at Solliance - and shares learnings through workshops, presentations and keynotes. Michele has been published regularly during her entire career including the best-selling book ''Learning WCF'' (O'Reilly 2007) and Developing Microsoft Azure Solutions 2nd Ed. (MS Press 2017). @michelebusta
Links
Area of Expertise
Topics
Lessons in Tech Career Growth: What They Don’t Teach You in the Docs
You’ve mastered the tech—but what about the conversations, decisions, and mindset shifts that actually move your career forward? Whether you’re just getting started or eyeing your next big step, this session explores the soft skills that shape real progress: how to communicate with clarity, collaborate with impact, and grow through feedback, ambiguity, and even failure.
You’ll learn how to:
* Build trust and influence across teams—without needing a title
* Navigate feedback, imposter syndrome, and career plateaus
* Play well with others: how to collaborate effectively, especially under pressure
* Communicate ideas to peers, leaders, and non-technical stakeholders
* Decide when to lean in, level up, or change lanes
* Develop the mindset that helps you thrive, not just survive, in tech
This talk is for developers and architects who want to be more than just great technicians—they want to grow into confident, trusted, and impactful professionals.
Getting Authorization Right in .NET: Patterns, Pitfalls, and Practical Guidance
Authentication gets the spotlight, but authorization is where real access control happens—and getting it right is critical for secure and maintainable applications. This session dives deep into modern authorization patterns in .NET, helping you move beyond if(user.IsInRole()) to scalable, flexible, and secure designs using fine-grained authorization patterns.
The session will cover:
* The built-in authorization model in ASP.NET Core, including policies, roles, and claims
* Attribute-based vs. resource-based authorization
* Custom policy and handler development
* Managing fine-grained permissions across microservices and APIs
* Externalizing authorization decisions using centralized authorization systems
* Best practices for combining authentication (OIDC / OAuth2) with robust authorization logic
* Common pitfalls—like hardcoding roles or overloading claims—and how to avoid them
This session will equip you with the patterns and practices to build secure, testable, and future-proof authorization in .NET.
From Governance to Recovery: Strengthening Your Azure Security Posture with NIST CSF 2.0
Security isn’t just a technical concern—it’s a business imperative. With the release of NIST Cybersecurity Framework (CSF) 2.0, organizations now have a more structured and strategic way to manage cybersecurity risk, starting with governance at the top. But while the CSF defines what needs to be done, it doesn’t tell you how to do it.
This session bridges that gap by walking through each of the six CSF 2.0 core functions—Govern, Identify, Protect, Detect, Respond, and Recover—and demonstrating how to prioritize and operationalize them in your Azure environment. More than a checklist, this is a practical approach to turning high-level guidance into action.
You’ll learn how to leverage Microsoft Azure tools and services to monitor, measure, and improve your security posture—leaving with a clear, actionable roadmap to align your cloud security strategy with a globally recognized standard.
A Fresh Look at Securing Applications and APIs in Azure
Securing modern applications and APIs in the cloud goes far beyond authentication—it's about building layered defenses that support a Zero Trust architecture. This session offers a practical look at security patterns in Azure, weaving together identity, token lifecycle management, and platform services into a cohesive, end-to-end security strategy.
Topics will include:
* Authentication and session management patterns using Microsoft Entra ID and OpenID Connect, including integration with external identity providers
* OAuth 2.0 flows for securing APIs, covering both delegated and app-only access
* Best practices for token lifetimes, refresh strategies, and session boundaries
* Defense-in-depth using Azure API Management as a central policy enforcement point
* Secure, credential-free service-to-service communication using Managed Identities
* Designing for Zero Trust with segmentation and least privilege
Whether you’re building new cloud-native apps, modernizing legacy systems, or enabling secure B2B and B2E integrations, you’ll leave this session with actionable patterns to strengthen the security of your applications and APIs across the Azure ecosystem.
You are not excused! How to avoid security blind spots on the way to production.
We live in an ever evolving landscape for cyber threats creating security risk for your production systems. Mitigating these risks requires participation throughout all stages from development through production delivery - and by every role including architects, developers QA and DevOps engineers, product owners and leadership. No one is excused! This session will cover examples of common mistakes or missed opportunities that can lead to vulnerabilities in production - and ways to do better throughout the development lifecycle.
Delivering on Identity Solutions - practical guidance and pitfalls to avoid
Identity is a critical part to any solution - whether that solution is deployed on premises or to a cloud provider. The challenge most organizations have is lack of deep expertise with identity protocols, authentication techniques and standards, associated use cases and solution design, user management and user self-service lifecycles and the recommended best practices and necessary threat modeling to deliver a solution to production. Even when using a hosted identity provider, you are not excused from understanding how applications integrate with that provider and participate in the holistic solution, and you typically also need to build significant custom work around the user lifecycle which should also follow recommended best practices that aren’t always obvious. In this session, Michele will share recommended best practices for identity solution design and delivery, drawing examples from experience with actual customer solutions with varying requirements. The goal is to educate you on common and practical ways to approach the identity solution design while adhering to recommended best practices. You’ll get an overview of critical protocol flows, the evolving preference for SPA / BFF patterns for application integration, the challenges that arise when you let identity become “too custom” and how this impacts your choice of identity platform framework or vendor.
Securing Azure Resources for Enterprise Solutions
Delivering solutions to Azure may involve a variety of architecture patterns involving Azure resources. This session will walk you through a number of real world solutions and in doing so discuss security best practices for the overall solution in Azure including how to handle securing critical Azure resources. While covering several reference architectures for Azure solutions, this session will review best practices for securing Azure resources within a solution including SQL PaaS or Cosmos data back-ends; messaging with Service Bus, Event Hubs, and Event Grid; Key Vault; Storage; Azure Container Registry; and applications deployed with app services, containers or Azure Kubernetes Service (AKS). In addition to covering security related to specific Azure resources, the session will cover network security practices and using private link endpoints. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.
Afternoon Keynote: You Are Not Excused! How to Avoid Security Blind Spots
We live in an ever evolving landscape for cyber threats creating security risk for your production systems. Mitigating these risks requires participation throughout all stages from development through production delivery - and by every role including architects, developers QA and DevOps engineers, product owners and leadership. No one is excused! This keynote will cover common mistakes or missed opportunities that lead to vulnerability in production, and ways to do better.
Delivering Secure Enterprise Azure Solutions - in a day
This workshop will explore how to deliver secure enterprise solutions to Azure while sharing real world experiences that cover topologies from simpler architectures, to more complex architectures involving hybrid cloud and on premise solutions. Drawing from diverse experiences helping customers deliver and operate Azure production solutions, Michele and Jim will take you through a journey through a series of Azure solution architecture blueprints and best practices including how to select the appropriate Azure resources for compute and hosting, API delivery, networking and routing, data storage and messaging - while also covering how to best secure those resources, and ensure they are designed for high availability and disaster recovery. The goal of the workshop is to help you understand the best use of Azure resources, how to secure them appropriately, and understand the challenges that enterprises may face while planning for Azure delivery.
Security Tips for Azure Enterprise Solutions
Delivering solutions to Azure may involve a variety of architecture patterns involving your applications, APIs data and associated Azure resources that comprise the solution. This session will use reference architectures to illustrate the security considerations to protect your Azure resources and data, how to achieve Zero Trust, and why it matters. Topics covered will include specific security recommendations for types Azure resources and related network security practices. The goal is to give you a breadth of understanding as to typical security requirements to meet compliance and security controls in an enterprise solution.
Michele Leroux Bustamante
CEO, Solliance Inc; Founder PolicyServer; Cloud / Security Architect; Microsoft RD
San Diego, California, United States
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top