Mattias Borg

Cyber Security Geek

Stockholm, Sweden

Incident Response Specialist with a focus on threat hunting in the Microsoft defense stack.

Cyber Security consultant helping customers automate their incident response capabilities to give them more time to focus on the advanced threats.

Researching vulnerabilities when not working for customers.

MSRC Security Research Acknowledgement (August 2018)

Workplace Ninja Summit 2021, Nordic Virtual Summit 2021, Workplace Ninja Summit 2020, SANS Threat Hunting & IR Summit, GRC 2019, TechDays Swe 2018, GRC 2018, Techorama BE 2018, TechDays Swe 2017, GRC 2017, DefCon 2016 - SE village, SEC-T 2016 and mixed Community meet-ups

#SOAR #DFIR #ThreatHunting

Certified Ethical Hacker


Area of Expertise

  • Information & Communications Technology
  • IT Security
  • Enterprise Security
  • Cyber Security
  • Incident Response
  • Microsoft Defender for Endpoint
  • Microsoft 365 Defender
  • Azure Sentinel

Reduce the Gap - Threat Hunting as a team

How do you work with threat hunting? What is your organization's threat hunting maturity level?
How can you improve?

In this session, we will go through a process of threat hunting, reactive and proactive, and how you integrate it with your response and analysis process to help you reduce the gap between hunters, analysts and responders and speed up post-breach investigations and remediations.

Key takeaways:
- Learn how to build a process with threat hunting
- Learn how to reduce the gap and improve the efficiency of hunting

Defender for Endpoint - Deep Dive

This session is a deep dive into Microsoft Defender for Endpoint with Advanced Threat Hunting, configuration pitfalls and much more.

What's new and how to deploy Defender for Endpoint for Servers Down-Level Agent

In this session we will walk through the features of the new Defender for Endpoint Down-Level Agent for 2012 R2 and 2016 server: new features, how to deploy, and how to transition from today's MMA-based agent.

Lessons learned from deploying at scale.

XDR - Microsoft 365 Defender

Microsoft 365 Defender provides XDR capabilities for your organization. But what does that really mean?
What are the components and how does it help you protect, detect and respond to threats?

In this session Mattias and Stefan will go through the capabilities, map them to the threat landscape and share knowledge from the field.

Key takeaways:
- Learn the core of Microsoft 365 Defender
- Why do you need these capabilities to
- Real scenarios
- Notes from the field

Live response with Microsoft Defender for Endpoint

Many organizations are moving to the Microsoft Defender for Endpoint solution, but how should you work with the different features and capabilities?
In this session Mattias and Stefan will share how to extract forensic artefacts from an endpoint and respond to threats with the Live Response feature in Microsoft Defender for Endpoint, using tools from the security community.

Detect and Respond with Microsoft 365

How can we detect incidents and, more importantly, how can we respond efficiently to the incidents that will occur when we get enhanced detection capabilities? In this session we will give you insight into an efficient Automated Security Incident Response Process.

Defender ATP - Hardcore Deep Dive

This session is a deep dive into Microsoft Defender ATP: Advanced Threat Hunting, Live Response and the services running on the client side.

How to build a Security Operations Center with Microsoft Technologies

In this session we will walk you through what capabilities you need and how you can use different Microsoft Technologies to build your Security Posture.

Take care of your Clients you don't WannaCry

In this session we will walk you through how to build a secure client that is resistant to modern threats. We will cover the security stack of a client, including Windows 10 security features and Windows Defender ATP.

From Code to Cash

In this session we will walk you through how hackers are exploiting companies and what you can do to stop them from being successful. We will walk you through one of the biggest cases, where 700 companies in Sweden were compromised by a group of hackers.

Techorama 2023 Belgium

May 2023 Antwerpen, Belgium

WorkPlace Ninja Summit 2022

September 2022 Luzern, Switzerland

Nordic Virtual Summit

February 2021

SANS Threat Hunting & IR Europe Summit & Training 2020

How to automate response with M365

January 2020 London, United Kingdom

Tech Days 2017

May 2019 Kista, Sweden

Microsoft TechDays 2018

October 2018 Kista, Sweden

Def Con 24

Social Engineering Village - Scam caller session

August 2016 Las Vegas, Nevada, United States
