Security Boost - Incident Response

Four Expert-Led Sessions

The training is structured into four distinct sessions, each addressing key areas for enhancing environmental resilience. These sessions are based on our extensive experience in incident response engagements over the years. The sessions will be held online from 3 pm to 5 pm CET, and presented in English.

Times: 15:00-17:00 (CEST)
Place: Online

Price: 7,900 SEK exkl. VAT

Dates:

• 2025-11-17
• 2025-11-18  
• 2025-11-24
• 2025-11-25

The first session focuses on securing identities – one of the most critical assets in any modern environment. We’ll cover best practices for both Active Directory and Entra ID to strengthen your identity posture.

The second session will cover how to protect the hypervisor layer without compromising business functionality. We’ll explore practical strategies to secure virtual environments effectively.

The third session will focus on how to configure your network to avoid common pitfalls and enhance security. The session emphasizes practical, balanced approaches without overcomplicating your setup.

The fourth session will dive into proven practices for securing your backup solutions, ensuring immutability, and preventing unauthorized access. The focus is on resilience and recovery readiness.

After these sessions, you will know about common pitfalls we have experienced during our incident response engagements, and how to avoid them. Helping you to better understand how to improve resilience in your IT environment and better prepare it for when the worst happens.

Course Description:

Session 1 – Identity & Access

• In this session you will learn the most common misconfigurations in Active Directory and Entra ID leading to a breach and what you can do to fix it.
  
• Direct and indirect Administrators – How many Domain Admins do you have?
  
• Certificate Templates – Everyone can become a Domain Admin!
  
• Undertaking a Zero Trust mindset toward Active Directory and Entra ID administration.
  
• Protecting Active Directory joined systems from accidental credential exposure.

Speaker: Viktor Hedberg and Ted Molin

Session 2 – Virtualization

In this session you will learn how threat actors abuse your virtualization configuration to complete the breach and finally reach their end-goal. This session will also include ways to effectively combat this issue.

• The virtualization platform should be protected.
  
• The issue with domain joined virtualization hosts.
  
• Correctly segmenting the virtualization from production Active Directory, Backup, and Storage.
  
• The use of privileged access workstations to manage your infrastructure components – Why it is a must!
  
• Enable Self Service will minimize security and operational risks

Speaker: Viktor Hedberg, Jörgen Brandelius and Anders Olsson

Session 3 – Network segmentation

In this session you will learn how to configure your network to avoid common mistakes witnessed in several incidents in the past.

• How, and when to use micro-segmentation.
  
• Next Generation Firewall features.
  
• Ensuring administration of the environment can only be performed from correct machines, on the correct network.
  
• Remote Access best practices.

Speaker: Viktor Hedberg and Heresh Zaremand

Session 4 – Backup/Restore configuration

In this session you will learn and understand how a backup/restore solution should be configured to provide a solution to prevent data loss.

• Backup is not the same as a disaster/recover.
  
• Backup must be encrypted, by you, not the attacker.
  
• Restore speed needs to be pre-calculated.
  
• Backup must be performed before doing a restore.
  
• You really need to reinstall the exact same version of your backup application to be able to restore.
  
• Escape room exercises will train the team to perform complete restore

Speaker: Viktor Hedberg and Anders Axhake

Sign up here!