We've been in the weeds
so you don't have to.

25 years inside Microsoft enterprise environments. A decade as a Microsoft Premier Field Engineer — working directly inside customer environments, solving the problems that don't have a support article and can't wait for a ticket queue. Identity infrastructure, directory services, security architecture, and the operational complexity that comes with running Windows Server at scale.

We've designed AD DS forests from scratch and inherited ones nobody wanted to touch. We've built RBAC models that actually get used, naming conventions that survive an acquisition, and Group Policy structures that don't collapse under their own weight. We've also spent countless weekends cleaning up environments after a breach — which teaches you more about what matters than any certification ever will.

That background spans the full Microsoft stack: Active Directory, identity and access management, PKI and certificate services, endpoint management, and security hardening across environments ranging from a few hundred users to tens of thousands. We've seen what good looks like — and we've spent a lot of time turning environments that weren't into ones that are.

We've long held that IT security is 20% technology and 80% governance — and that most organizations get the ratio backwards. The tools are the easy part. The hard part is the policy that defines who has access and why, the process that ensures it gets reviewed, the documentation that makes an incident survivable, and the discipline to maintain all of it when nobody's watching. That 80% doesn't announce itself when it slips. It just quietly becomes the reason a breach was worse than it needed to be.

We're diligent about not letting it slip. Every engagement we take on treats governance as a first-class deliverable — not an afterthought appended to a technical report. Because the firewall rule that nobody audited and the access group that outlived the project it was created for are where incidents actually start.

BrkrOps builds tools and delivers consulting that reflect that experience directly. No generalists, no subcontractors, no methodology decks. Just practitioners who know the technology and care about the outcome.

Questions, feedback, or just want to talk geek? admin@brkrops.ca

On signing certificates and jurisdiction. Our code-signing certificate is issued to Patrick Mercier by Certum, a Polish CA operated by Asseco Data Systems out of Gdańsk, under EU law and eIDAS — not by a US-based authority. That's a deliberate choice. For a Canadian shop selling enterprise security tooling, the calculus is: most enterprise customers won't look at who signed the binary as long as it's signed and validates — but the public-sector and regulated buyers who do look care about CLOUD Act exposure on US-jurisdiction CAs. Certum roots have shipped in every Windows install for over two decades, so the choice costs us nothing in compatibility while it matters to the customers it matters to. Microsoft SmartScreen reputation accrues to the certificate identity regardless of which CA issued it.