Most Active Speaker

Truls Dahlsveen


Security Engineer & Microsoft Security MVP

Oslo, Norway


Hey guys, my name is Truls and I do security-related stuff, mostly detection, automation and security engineering.

My experience spans system and network administration, penetration testing and SOC, mainly security and automation engineering. I'm a Microsoft MVP in SIEM & XDR and spend most of my time off work either experimenting with some technical stuff or playing video games. I'm very curious and love to learn new things, but my favorite thing is talking about or hearing others talk about things they tried that didn't work.

Area of Expertise

  • Information & Communications Technology

Topics

  • Security
  • Cloud Security
  • Information Security
  • Azure Security
  • IT Security
  • Cloud Security Architecture
  • Microsoft 365 Security
  • Azure Lighthouse
  • Microsoft Sentinel
  • Defender XDR
  • Microsoft Defender XDR
  • Microsoft Defender for Cloud
  • Microsoft Defender for Office
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Office 365
  • Microsoft Defender for Cloud Apps
  • SentinelOne
  • Microsoft MVP
  • SIEM
  • Security Information and Event Management (SIEM)
  • XDR
  • SOAR
  • Sentinel Data Lake
  • Agentic SOC
  • PowerShell
  • Security Testing
  • Security Copilot
  • SecOps
  • DevSecOps
  • SOC
  • Security Operations
  • Security Operation Center
  • Security Operations Center (SOC)

Why your detections suck and what to do about it

Hopefully not yours in particular, but if they do, let's try to remedy that.

This talk aims to help you learn about detection engineering, dive a bit into the current detection ecosystem and find some of the most common reasons why detections are doomed to fail from deployment.

The talk is suited for everyone, from those who are just interested in learning what detection engineering is and what role it plays. You'll either learn something or disagree on something. Discussion furthers knowledge and not every piece of gained knowledge applies equally everywhere; context matters, especially in detection.

What is this talk not? Well, this is not a KQL masterclass. It's a talk that walks all the way from a level 100 introduction to the topic and sometimes skirts the edges of level 300.

Demos included.

Five years of cloud-first security monitoring - lessons learned and mistakes made

In this presentation, we will look into 5 years of accumulated experience doing security monitoring by primarily using a cloud-first approach. What lessons can be gleaned from moving security monitoring from on-premises into the cloud, and what mistakes should you probably avoid?

Attendees can expect to learn a little bit about the different types of logs we can find in the cloud, along with some neat security features and tools that help us detect malicious activity. Combine this with a cloud-based security information and event management (SIEM) tool, and we're flying.

Don't know security monitoring? We'll cover that as well, with a quick introduction into how it's done and some dos and don'ts.

Before we all go our separate ways - let's try predicting the future! What will cloud-first security monitoring look like going forward? Is AI the way, is SOAR really as dead as Gartner wants us to believe, and will the focus on national autonomy put a damper on the adoption of cloud-based security tooling? Come and see!

Learning security monitoring through failure

Security operations centers are something out of a book of forbidden spells. Usually hidden in the basement or behind a glass wall, shrouded in secrecy and rarely spoken about - but why? Well, I don't know, but if you've ever wanted to learn about what security monitoring is and how you can leverage it for improved security, look no further!

In this talk we will learn about security operations by the way we screw it up. Join me for some interesting war stories, anti-patterns and hopefully some valuable pieces of hard-earned advice!

How to not mess up your Microsoft Sentinel deployment

The year is 2025 and we are officially in the age of "instant gratification". Quick wins are the name of the game, and while the countless golden nuggets of sites like LinkedIn might provide some insights if put in the proper context, some things still require that special ingredient called time.

Join me in exploring the current state of Microsoft Sentinel, how to get started and most importantly what mistakes to avoid when setting up your security monitoring.

Detection as Code - Microsoft Defender XDR and Microsoft Sentinel

Friends don't let friends click to deploy - unless you work in security. Detections are rarely one-size-fits-all and are often created per tenant or workspace to fit the usage patterns and environment. Of course, this also applies to security automation, orchestration and response (SOAR) components used as part of detection. So how do you handle hundreds of detection queries across multiple environments, while allowing local adaptations and letting the security team focus on managing incidents?

In this session we will explore some ways to deploy and manage detection content as code, both natively in Microsoft Sentinel and using infrastructure as code and CI/CD pipelines. No matter if you are managing 1 or 10 tenants, there will be something to consider for everyone.

Anti-patterns in Security Monitoring

Planning to start looking into security monitoring? Wondering what f-ups to avoid? Look no further! In this session we'll explore some common anti-patterns (mistakes) people make when trying to start with security monitoring!

Field notes on Security Strategy

Having spent years working as a sysadmin, developer, penetration tester and security engineer, Truls will present some of his takes on modern Security Strategy. What is Zero Trust actually, what are some common misconceptions and antipatterns to watch out for, and how do you go about actually improving your security? Is there such a thing as the perfect security configuration?

Automating security monitoring

Continuously increasing volumes of data, architectural complexity, sophisticated threat actors, and alert fatigue are well-known challenges in security monitoring.

In this presentation, we will explore how we can make security monitoring more efficient by automating as much of the incident handling as possible.

Deploying and managing Microsoft Sentinel as Code

Friends don't let friends click to deploy anymore.

In this talk we will explore the world of deploying and managing Microsoft Sentinel across multiple workspaces and tenants from the perspective of an MSSP.

This approach is applicable for anyone managing more than one Microsoft Sentinel workspace.

NDC Security 2026 Sessionize Event

March 2026 Oslo, Norway

Festive Tech Calendar 2025 Sessionize Event

December 2025

BSides Copenhagen 2025 Sessionize Event

November 2025 Copenhagen, Denmark

NIC Rebel Edition Sessionize Event

October 2025 Oslo, Norway

MVP-Dagen 2025 Sessionize Event

October 2025 Oslo, Norway

Sikkerhetsfestivalen 2025 Sessionize Event

August 2025 Lillehammer, Norway

Workplace Ninjas Norway 2025 Sessionize Event

June 2025 Oslo, Norway

NDC Oslo 2025 Sessionize Event

May 2025 Oslo, Norway

Microsoft Community Insights Podcast Sessionize Event

April 2025

Azure Spring Clean 2025 Sessionize Event

March 2025

Sikkerhetsfestivalen 2024 Sessionize Event

August 2024 Lillehammer, Norway

NDC Security 2024 Sessionize Event

January 2024 Oslo, Norway

Microsoft Security User Group 2024 User group Sessionize Event

January 2024 Oslo, Norway

MVP-Dagen 2023 Sessionize Event

October 2023 Oslo, Norway

Sikkerhetsfestivalen 2023 Sessionize Event

August 2023 Lillehammer, Norway

FIRST Norway

Presented "Managing and deploying Microsoft Sentinel as Code"

November 2021 Oslo, Norway
