Truls Dahlsveen
Security Engineer & Microsoft Security MVP
Oslo, Norway
Hey guys, my name is Truls and I do security-related stuff, mostly detection, automation and security engineering. A little TL;DR on myself:
6 years experience from system- and network-administration, 2 years penetration testing experience and 6 years SOC experience, mainly security and automation engineering. I was one of the main architects behind the first Microsoft MXDR-verified solution in Norway and once upon a time I was rank 2 on HackTheBox in Norway (hackers always disclose location I've heard...), but this was back before it became really popular so I wouldn't really put any stock into my hacking skills.
Some accolades include World first Microsoft Sentinel Black Belt, World top 500 Mythic Sire Denathrius (in a two-day raiding guild, I think top 10 for two-day). On the business side of things I'm a Microsoft MVP in the SIEM & XDR category.
I'm a converted cat-person (ask and I'll show you pictures of course) and I own a road bike that's never been ridden outside before (I'm terrified of riding outside). Other fun facts include the fact that I only recently learned how to properly brush my teeth (if you know, you know) and my second fav buzzword is Zero Trust (not a product). Also way too fond of Battlefield 6 at the moment!
Known errors and pitfalls in the Microsoft security stack
Join us for an insightful and practical presentation where we share our experiences with Microsoft's security solutions. We will explore Microsoft applications and the governance around them. We will also shed light on known pitfalls in the XDR (Extended Detection and Response) portfolio and give good tips for avoiding them.
Throughout the presentation we will share our "lessons learned" and practical tips for avoiding common mistakes and pitfalls. Attendees will gain valuable insight into how they can strengthen their organization's security capability and resilience. This experience-based talk will give you concrete tools and strategies that you can put to use immediately to improve security in your own organization.
Learning security monitoring through failure
Security operations centers are something out of a book of forbidden spells. Usually hidden in the basement or behind a glass wall, shrouded in secrecy and rarely spoken about - but why? Well, I don't know, but if you've ever wanted to learn about what security monitoring is and how you can leverage it for improved security, look no further!
In this talk we will learn about security operations by the way we screw it up. Join me for some interesting war stories, anti-patterns and hopefully some valuable pieces of hard-earned advice!
How to not mess up your Microsoft Sentinel deployment
The year is 2025 and we are officially in the age of "instant gratification". Quick wins are the name of the game, and while the countless golden nuggets of sites like LinkedIn might provide some insights if put in the proper context, some things still require that special ingredient called time.
Join me in exploring the current state of Microsoft Sentinel, how to get started and most importantly what mistakes to avoid when setting up your security monitoring.
Detection as Code - Microsoft Defender XDR and Microsoft Sentinel
Friends don't let friends click to deploy - unless you work in security. Detections are rarely one-size-fits-all and are often created per tenant or workspace to fit with the usage patterns and environment. Of course, this also applies to security automation, orchestration and response (SOAR) components used as part of detection. So how do you handle hundreds of detection queries across multiple environments, while allowing local adoptions and letting the security team focus on managing incidents?
In this session we will explore some ways to deploy and manage detection content as code, both natively in Microsoft Sentinel and using infrastructure as code and CI/CD pipelines. No matter if you are managing 1 or 10 tenants, there will be something to consider for everyone.
Anti-patterns in Security Monitoring
Planning to start looking into security monitoring? Wondering what f-ups to avoid? Look no further! In this session we'll explore some common anti-patterns (mistakes) people make when trying to start with security monitoring!
Field notes on Security Strategy
Having spent years working as a sysadmin, developer, penetration tester and security engineer, Truls will present some of his takes on modern Security Strategy. What is Zero Trust actually, what are some common misconceptions and antipatterns to watch out for, and how do you go about actually improving your security? Is there such a thing as the perfect security configuration?
Automating security monitoring
Continuously increasing volumes of data, architectural complexity, sophisticated threat actors, and alert fatigue are well-known challenges in security monitoring.
In this presentation, we will explore how we can make security monitoring more efficient by automating as much of the incident handling as possible.
Deploying and managing Microsoft Sentinel as Code
Friends don't let friends click to deploy anymore.
In this talk we will explore the world of deploying and managing Microsoft Sentinel across multiple workspaces and tenants from the perspective of an MSSP.
This approach is applicable for anyone managing more than one Microsoft Sentinel workspace.
NDC Security 2026 (upcoming)
Festive Tech Calendar 2025
BSides Copenhagen 2025
NIC Rebel Edition
MVP-Dagen 2025
Sikkerhetsfestivalen 2025
Workplace Ninjas Norway 2025
NDC Oslo 2025
Microsoft Community Insights Podcast
Azure Spring Clean 2025
Sikkerhetsfestivalen 2024
NDC Security 2024
Microsoft Security User Group 2024 (user group)
MVP-Dagen 2023
Sikkerhetsfestivalen 2023
FIRST Norway
Presented "Managing and deploying Microsoft Sentinel as Code"