Pre-conference sessions announced!

Make even more of your NIC 2019 experience.  

Make even more out of your NIC2019 experience by attending one of the pre-conference sessions. These intensive sessions bring together the best minds in the industry to provide deep-dive knowledge sharing in a unique setting. Please note that an additional fee is required for the pre-conference sessions. Limited amounts of tickets available.


Pre-conference session:

A Threat Hunters Methodology: Enhancing your Security Operation Center

w/Roberto Rodriguez and Jared Atkinson

Wednesday February 6th
09:00 – 17.00,
Registration from 08:15
Radisson Blu Plaza, Sonja Henies plass 3 0185

Enabling the right event logging and centralizing the collection of different data sources is finally becoming a basic security standard. Collecting and storing security event data has become an inexpensive task for organizations of all sizes. Even though this has allowed companies to increase the level of visibility from a data perspective, there are multiple challenges that analysts still face because of the amount of data being collected. Traditional SIEM capabilities are not cutting it anymore and they are limiting the way that data can be described or analyzed. In addition, not only do security analysts need the right technology, but it is also very important to have a well-defined methodology when hunting for adversarial techniques.

Trying to find the needle in the haystack is becoming a little bit more challenging. The idea now is to find relationships and structural patterns among potential needles in the haystack and identify the most interesting ones. This is the basis of threat hunting and it calls for complementary advanced analytic techniques, and a structured approach via adversarial detection playbooks that go beyond ad-hoc hunting operations. In this workshop, we will focus on showing the whole process of consuming diverse datasets from endpoints, standardizing all the data, creating the right data analytics, and prototyping future hunting engagements via the development of hunting playbooks.

This course aims to provide you enough knowledge about the technology used to expedite ingestion and analysis of security events, and the methodology used for SpecterOps to plan and execute hunting engagements across several organizations.


Who is the target audience?

  • Security Analysts
  • Threat Hunters
  • Incident Responders
  • Developers and IT Engineers
  • IT Administrators
  • Software Architects
  • Information Security Managers (Technical or Non-Technical)


Level: 200



Roberto Rodriguez

Roberto Rodriguez is a Senior Threat Hunter at SpecterOps where he specializes in the development of analytics to detect advanced adversaries techniques. His experience performing incident response and threat hunting engagements, in various industries, has encouraged him to help organizations improve their security posture and share his knowledge with the information security community. He is also the author of several open source projects, such as the Threat Hunter Playbook and HELK, to aid the community development of techniques and tooling for hunting campaigns. He currently maintains his blog at


Jared Atkinson

Jared Atkinson is a security researcher who specializes in Digital Forensics and Incident Response. Recently, he has been building and leading private sector Hunt Operations capabilities. In his previous life, Jared lead incident response missions for the U.S. Air Force Hunt Team, detecting and removing Advanced Persistent Threats on Air Force and DoD networks. Passionate about PowerShell and the open source community, Jared is the lead developer of PowerForensics, Uproot, and maintains a DFIR focused blog at


Pre-Conference Session:

Building a Modern Datacenter: Ready for Hybrid Cloud 

w/ Mikael Nyström and Markus Lassfolk

Wednesday February 6th
09:00 – 17.00
Registration from 08:15
Radisson Blu Plaza, Sonja Henies plass 3 0185

We should build our Datacenter so it can easily scale into a Hybrid Cloud. If you need an on-premises datacenter, for either your own data or as a service provider, it should be constructed in a cost-effective way, and it should be as automated as possible. It also needs to support various scenarios as well as provide support for various workloads. If that is what you need then this training is for you. 

In this packed one-day pre-conference you will learn from experts that builds 10-15 datacenters every year how to do it yourself. 


Class outline: 

Planning for datacenter and Private Cloud

  • Architectural concepts and design
  • Fabric and Workload Architecture
  • Hardware requirements and best practices
  • Design of Compute, Network, Storage and Management
  • Scalability of Compute, Network, Storage and Management


Windows Server

  • Hyper-V
  • Storage spaces direct
  • Hyper-Converged
  • Scale-out file servers
  • Failover clusters
  • Active Directory and OU design
  • Automation with group policies



  • Creating reference images for deployment
  • Deploying physical and virtual servers


Virtual Machine Manager

  • Configuring networks (switches, connectors, uplinks)
  • Configuring VMM
  • Automatic Patch Management
  • Creating templates for VMs
  • Creating a private cloud


Data Protection

  • Configuring Protection for files, SQL, Active Directory
  • Configuring protection for VMs
  • Configuring protection for live migration



  • Configuring Operations Manager (SCOM)

  • Configuring Performance and Resource Optimization (PRO)

  • Using SCOM to monitor servers and services



  • Configuring Orchestrator
  • Configuring and using Service Management Automation (SMA)
  • Creating runbooks for automation


Self-service Web Portals

  • Configuring Windows Azure Pack
  • Creating self-service offerings
  • Introduction to Microsoft Azure Stack



  • Windows Admin Center
  • PowerShell

Who should attend? 

IT-pros and administrators that wants to build a modern datacenter for an enterprise or hosting environment.


Level: 300 (Advanced)



Mikael Nyström

Mikael Nystrm is a Microsoft MVP and Principal Technical Architectat TrueSec, with an extremely broad field of competence. He has worked with all kinds of infrastructure tasks, in all kinds of environments, enterprise to small business. He is currently building Private Cloud solutions based on Hyper-V, System Center and Windows Azure pack as well as building deployment solutions for client OS as well as Server OS. Mikael is a very popular instructor and is often used by Microsoft for partner trainings as well as to speak at major conferences such as TechEd, MMS, etc. Lately Mikael has been deeply engaged in the development of Windows 10 and Windows Server 2016/2019 as part of TAP.


Markus Lassfolk


Markus Lassfolk is a Microsoft Cloud and Datacenter Management MVP and working at TrueSec as a Principal Technical Architect, with a big focus on building private and hybrid clouds in your datacenter or using public clouds, all based on Microsoft Infrastructure and technology.

As a leading profile and expert in IT security, he is also a hugely popular instructor and speaker at different events.