Truls Dahlsveen
Security Engineer & Microsoft Security MVP
Oslo, Norway
Actions
Hey guys, my name is Truls and I do security-related stuff mostly detection, automation and security engineering. A little TL;DR on myself:
6 years experience from system- and network-administration, 2 years penetration testing experience and 6 years SOC experience, mainly security and automation engineering. I was one of the main architects behind the first Microsoft MXDR-verified solution in Norway and once upon a time I was rank 2 on HackTheBox in Norway (hackers always disclose location I've heard...)
Some accolades include World first Microsoft Sentinel Black Belt, World top 500 Mythic Sire Denathrius (in a two-day raiding guild, I think top 10 for two-day). On the business side of things I'm a Microsoft MVP SIEM & XDR
I'm a converted cat-person (ask and I'll show you pictures of course) and I own a roadbike that's never been ridden outside before (I'm terrified of riding outside). . Other fun facts include the fact that I only recently learned how to properly brush my teeth (if you know, you know) and my second fav buzzword is Zero Trust (not a product). Also way to fond of Battlefield 6 at the moment!
Links
Badges
Area of Expertise
Topics
How to not mess up your Microsoft Sentinel deployment
The year is 2025 and we are officially in the age of "instant gratification". Quick wins are the name of the game, and while the countless golden nuggets of sites like LinkedIn might provide some insights if put in the proper context, some things still require that special ingredient called time.
Join me in exploring the current state of Microsoft Sentinel, how to get started and most importantly what mistakes to avoid when setting up your security monitoring.
Detection as Code - Microsoft Defender XDR and Microsoft Sentinel
Friends don't let friends click to deploy - unless you work in security. Detection is rarely one-size-fits all and are often created per tenant or workspace to fit with the usage patterns and environment. Of course, this also applies to security automation, orchestration and response (SOAR) components used as part of detection. So how do you handle hundreds of detection queries across multiple environments, while allowing local adoptions and let the security team focus on managing incidents?
In this session we will explore some ways to deploy and manage detection content as code, both natively in Microsoft Sentinel and using infrastructure as code and CI/CD pipelines. No matter if you are managing 1 or 10 tenants, there will be something to consider for everyone.
Anti-patterns in Security Monitoring
Planning to start looking into security monitoring? Wondering what f-ups to avoid? Look no further! In this session we'll explore some common anti-patterns (mistakes) people make when trying to start with security monitoring!
Field notes on Security Strategy
Having spent years working as a sysadmin, developer, penetration tester and security engineer, Truls will present some of his takes on modern Security Strategy. What is Zero Trust actually, what are some common misconceptions and antipatterns to watch out for, and how do you go about actually improving your security? Is there such a thing as the perfect security configuration?
Automating security monitoring
Continuously increasing volumes of data, architectural complexity, sophisticated threat actors, and alert fatigue are well-known challenges in security monitoring.
In this presentation, we will explore how we can make security monitoring more efficient by automating as much of the incident handling as possible.
Deploying and managing Microsoft Sentinel as Code
Friends don't let friends click to deploy anymore.
In this talk we will explore the world of deploying and managing Microsoft Sentinel across multiple workspaces and tenants from the perspective of an MSSP.
This approach is applicable for anyone managing more than one Microsoft Sentinel workspace.
BSides Copenhagen 2025 Sessionize Event
NIC Rebel Edition Sessionize Event
MVP-Dagen 2025 Sessionize Event
Sikkerhetsfestivalen 2025 Sessionize Event
Workplace Ninjas Norway 2025 Sessionize Event
NDC Oslo 2025 Sessionize Event
Microsoft Community Insights Podcast Sessionize Event
Azure Spring Clean 2025 Sessionize Event
Sikkerhetsfestivalen 2024 Sessionize Event
NDC Security 2024 Sessionize Event
Microsoft Security User Group 2024 User group Sessionize Event
MVP-Dagen 2023 Sessionize Event
Sikkerhetsfestivalen 2023 Sessionize Event
FIRST Norway
Presented "Managing and deploying Microsoft Sentinel as Code"
Truls Dahlsveen
Security Engineer & Microsoft Security MVP
Oslo, Norway
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top