New Year’s Resolution: Must Learn KQL in 2022

For those that missed the notification, I’m still off of work until the first week of January. But I’m finding that I truly am a victim of tech FOMO. It’s really hard for me to completely shut down and walk away. But this isn’t a new phenomenon. I’ve experienced this my whole professional, adult life. I always have to be doing something I feel is meaningful and long-term rewarding even during moments of rest (if that’s a thing that really exists).

Though many of you have just started experiencing work-from-home (WFH) with the pandemic, I’ve been doing it since 1999. As you can imagine, that’s given me lots of time to tune and retune my work habits so that I have a pretty great work-life balance. And my wife would agree if you asked her.

Those that have known me for very long, know that I’m also a fitness nut. I run at least 10 miles a day, and as of today have run 2,359 consecutive days. What led me to running every single day was a time before when I was playing with my kids and got winded just running across the backyard. For someone who was an athlete in his younger days, that was too much and an eye-opener. I made a promise then to never feel that again – to never be winded by some menial activity.

I’ve experienced times in my professional life too where I became “winded” due to my lack of strength on a topic. As much as I thought I knew about technology and security my life at Microsoft challenged me. And it continues to challenge me. So, I renewed my focus and resolve, and much like I did for fitness, I promised myself to never feel technically “winded” again.

So, I’m always learning. And that’s OK. And I know there are many of you like me. This tech FOMO is a real thing. But it can be managed and redirected for good. That’s one of the reasons why I’ve opted to write the Must Learn KQL series the way I have. It’s a series of short learnings where each can be accomplished in a few minutes. And it’s presented in a logical way so that each section builds on the others. You can go as fast or as slow as you want.

The series is now up to chapter 10, with chapter 11 ready to post the first week of January 2022. So, there’s still time to catch up. And, for those that prefer it, there’s also an eBook version that gets updated each time the series expands. Something else that’s unique about this series is that it’s stocked full of hands-on opportunities, and I supply an actual working demo environment for the exercises that use the supplied query samples.

You can always find the series information at this short link:

Additionally, you’ll find there’s now a merch store for the KQL series with a New Year’s Resolution edition coffee/tea mug to help remind you of your promise to not get “winded” by KQL. All proceeds for the mug sales go to St. Jude Children’s Research Hospital, so you’re giving something to yourself (or a colleague) and someone else that needs it at the same time.

KQL is a must-learn query language for anyone working with data in Azure. Whether it’s for security purposes or not, anyone working with any data-centric service in Azure will benefit from KQL knowledge.

So, make it your new year’s resolution to learn KQL in 2022!


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]