Security Boost

Incident Response

In this lecture‑style course, developed and delivered by experts from the Truesec Incident Response team, you’ll learn how to configure and harden your IT infrastructure to achieve stronger resilience against cyber threats.

Drawing on extensive real‑world experience handling complex security incidents, our team will walk you through proven configuration practices that strengthen critical infrastructure components—and highlight common pitfalls that can leave environments vulnerable. These sessions are packed with practical, actionable guidance to help you build a more secure, robust, and attack‑resistant IT environment.

cyber incident preparation

Four Expert-Led Sessions

The training is structured into four distinct sessions, each focusing on key areas for strengthening resilience. The content is based on our extensive experience from years of incident response engagements.

After these sessions, you will know about common pitfalls we have experienced during incident response, and how to avoid them. Helping you to better understand how to improve resilience in your IT environment and better prepare it for when the worst happens. The sessions will be held online and presented in English.

Dates: March 16, 18, 23 and 25.

Time: 15:00-17:00

Price: 7 900 SEK excl. VAT

2026-03-16

Session 1

Time: 15:00-17:00

The first session focuses on securing identities – one of the most critical assets in any modern environment. We’ll cover best practices for both Active Directory and Entra ID to strengthen your identity posture.

2026-03-18

Session 2

Time: 15:00-17:00

The second session will focus on how to configure your network to avoid common pitfalls and enhance security. The session emphasizes practical, balanced approaches without overcomplicating your setup.

2026-03-23

Session 3

Time: 15:00-17:00

The third session will cover how to protect the hypervisor layer without compromising business functionality. We’ll explore practical strategies to secure virtual environments effectively.

2026-03-25

Session 4

Time: 15:00-17:00

The fourth session will dive into proven practices for securing your backup solutions, ensuring immutability, and preventing unauthorized access. The focus is on resilience and recovery readiness.

Course Description

Session 1 – Identity

In this session you will learn the most common misconfigurations in Active Directory and Entra ID leading to a breach and what you can do to fix it.

  • Direct and indirect Administrators – How many Domain Admins do you have?
  • Certificate Templates – Everyone can become a Domain Admin!
  • Undertaking a Zero Trust mindset toward Active Directory and Entra ID administration.
  • Protecting Active Directory joined systems from accidental credential exposure.

Speakers: Viktor Hedberg and Ted Molin

 

 

Session 2 – Network

In this session you will learn how to configure your network to avoid common mistakes witnessed in several incidents in the past.

  •  Next Generation Firewall features.
  • Ensuring administration of the environment can only be performed from correct machines, on the correct network.
  • Remote Access best practices.
  • Micro-segmentation considerations.

Speakers: Viktor Hedberg and Heresh Zaremand

Session 3 – Virtualization

In this session you will learn how threat actors abuse your virtualization configuration to complete the breach and finally reach their end-goal. This session will also include ways to effectively combat this issue.

  • The virtualization platform should be protected.
  • The issue with domain joined virtualization hosts.
  • Correctly segmenting the virtualization from production Active Directory, Backup, and Storage.
  • The use of privileged access workstations to manage your infrastructure components – Why it is a must!
  • Enable Self Service will minimize security and operational risks

Speakers: Viktor Hedberg, Anders Olsson and Peter Löfgren

 

 

Session 4 – Backup

In this session you will learn and understand how a backup/restore solution should be configured to provide a solution to prevent data loss.

  • Backup is not the same as a disaster/recover.
  • Backup must be encrypted, by you, not the attacker.
  • Restore speed needs to be pre-calculated.
  • Backup must be performed before doing a restore.
  • You really need to reinstall the exact same version of your backup application to be able to restore.
  • Escape room exercises will train the team to perform complete restore

Speakers: Viktor Hedberg and Mikael Nyström

 

 

What Our Previous Security Boost Attendees Have to Say

"At Truesec, you are professional and competent, and it's enjoyable to take a course with you."

Security Boost - IR

Quick facts / FAQ

What language will be used?

All sessions are held in English.

How much does the training cost?

The price is 7 900 SEK excl. VAT.

Will you receive a recording after the sessions?

Yes, participants will receive access to the recording on demand after the session.

We are a couple of colleagues who would like to participate, can we purchase one ticket and join from a conference room?

Tickets are priced per person, so all participants need to purchase their own. But joining from a conference room with colleagues sounds great!