<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Truls Thorstad Dahlsveen</span>

Truls Thorstad Dahlsveen

System architect at Sicra
Truls Dahlsveen strengthens Sicra’s security team as a Microsoft MVP, bringing broad experience in SOC, pentesting and modern security operations.

Name: Truls Thorstad Dahlsveen
Age: 33
Role/Title: Security Architect
City of residence: Oslo
From: Moelv

Welcome to Sicra, Truls! What will you be working on here, and where have you worked previously?

Hi, and thank you! I’m excited to get started. I’ll be working with security in all its shapes and sizes, mainly within the field of security operations and predominantly in the Microsoft ecosystem.

I have a background from the Norwegian Defense University College, the Signals Battalion in the Armed Forces, and Sopra Steria. In recent years, I have mainly worked as a security tester and security architect as part of Sopra Steria’s SOC (Security Operations Center).

Why did you choose Sicra, and what are you most looking forward to working on here?

I already knew Karl and André at Sicra, and they are both genuinely great people and highly skilled. I wanted to develop my technical skills further, learn from people who are better than me and challenge myself. Sicra seemed like the right place for that.

You have experience from both SOC and pentesting. What do you find most enjoyable or rewarding in those two areas?

I enjoy SOC work the most. Pentesting is fun in short bursts, but most of the time is spent reading code output or writing reports. If I could do a bit of both, that would be an ideal situation.

Which technologies or subject areas do you enjoy working with the most within the security field?

It varies. Right now I am very into detection engineering. Not going super deep into fine-tuning KQL, but more into implementing proper lifecycle management and testing. I am also very interested in SIEM and XDR, cloud security, and IAM. Over the last few months, I have spent quite a bit of time looking at AWS, Google and SentinelOne, in addition to my usual work in the Microsoft stack.

You have been referred to as the world’s first “Microsoft Sentinel Black Belt.” What does that mean?

Honestly, it is mostly luck. You receive the Microsoft Sentinel Black Belt when you have contributed to Microsoft’s product development for Microsoft Sentinel through the open Microsoft Customer Connection Program, as well as completed the Microsoft Sentinel Ninja Training. Being the first was just a coincidence.

You are also a Microsoft MVP in security?

Yes, that is right. Microsoft’s “Most Valuable Professionals” are experts within a Microsoft technology area who have contributed by sharing knowledge through articles, blogs, tools, presentations and more. I have been fortunate to be an MVP since 2022 within SIEM and XDR.

You were ranked number 2 in Norway on HackTheBox. For those who do not know HackTheBox, what does that mean?

I should clarify that this was a long time ago when the user base was much smaller. I play CTFs now and then (mostly boot2root), and HackTheBox started out as a platform for boot2root challenges. Typically, you only start with network access to a machine (a “box”), and you must find a way into it, first as a user and then by escalating privileges to administrator. You find two flags per box, corresponding to user and administrator, which give you points.

I’m a big believer in learning through practice, and I strongly feel that anyone defending an infrastructure should understand how that same infrastructure can be exploited and attacked. HackTheBox is great for that, along with TryHackMe, pwnedlabs and others.

What do you enjoy most when speaking on stage?

It depends on what I'm working on and whether something triggers me to talk about it. Usually it’s observations about things people in the industry are doing that I think are a bit suboptimal, but also when I’m tinkering with something really cool in my home lab and think others might benefit from it.

One of my favorites is “Field Notes on Security Strategy,” which I presented at the Munich Cyber Tactics Techniques & Procedures event. It came as a response to people not having a clear idea of where to start with security work and making simple mistakes when dealing with the cloud. In a similar style, I have also spoken quite a bit about mistakes we make in security monitoring, including at the Security Festival in Norway and at BSides Copenhagen. Recently, I was on stage at the Microsoft Security Summit talking about modern SecOps and what we need to start doing more to succeed with security. My talks range from very technical to more high-level perspectives.

“Home lab” sounds exciting – what is it?

I have had a desktop PC functioning as a lab for a while, along with an Azure environment. I recently replaced the old lab PC with a fanless mini PC, and so far I have set up a test environment for IoT devices and Active Directory. My latest project has been learning more about outbound proxies, especially how malware behaves when there is an outbound proxy requiring authentication. It’s also just handy to have a small environment you can spin up when you need to evaluate something or create a demo.

Which app do you use the most, and why?

These days it’s a tie between Spotify, VSCode and the Windows RDP app. Spotify because I love listening to music, and VSCode and RDP because I’ve been cooking up a lot of things in my home lab lately.

On LinkedIn you mention that you own a road bike that has never been outside. How did that happen?

I am simply a bit risk-averse (and I really enjoy watching movies while cycling), so the bike stays indoors mounted on a trainer.

Gaming is one of your interests – what do you enjoy playing the most right now?

Battlefield 6 is a favorite. The game itself is decent, but what I enjoy most are games you can play with friends. With Battlefield, a whole group of us bought it at the same time, and that automatically makes it more fun.

I’ve also spent a lot of time in League of Legends and Counter-Strike 2 over the past few years, with some occasional World of Warcraft. I usually try most new games when they come out, as long as I have someone to play with.

Anything else fun we should know about you?

I’m trying to learn Japanese. It’s going… okay-ish.

What do you prefer?

Home office or the office? Home office

Biometrics or code? Windows Hello for Business

Face ID or Touch ID? Face ID

Vipps or cash? Vipps

Gaming or TV? Gaming

Book or podcast? Book, 100%

Holiday in Norway or abroad? Abroad (in Japan)