They authenticate.
They use valid accounts.
They leverage trusted workflows.
They move across AD, Entra, SaaS, cloud, and data center without triggering traditional controls.
By the time ransomware executes or data leaves the environment, the attacker has often been operating in plain sight for days.
If your detection strategy starts at payload execution, you are already late.

Agenda at a glance

13:00 to 14:00
Optional networking lunch

14:00 to 17:30
‍Technical sessions

• Initial Access: Identity as the Entry Point
• The Post-Login Kill Chain
• Real-World Investigation: Inside a Hybrid Identity Breach
  
• Early Detection and Containment: Finding Intent Before Impact

17:30 onward
‍Peer networking

Who should attend

This event is designed for:

• SOC leads responsible for detection strategy
• Security architects designing hybrid visibility
• Detection and response engineers tuning analytics
• Technical security decision-makers reassessing control effectiveness

If you think in terms of attack paths, telemetry quality, and dwell time reduction, this session is for you.

What you will walk away with

• A clearer understanding of how modern intrusions unfold after authentication
• A structured approach to analyzing identity-centric attack paths
• Insight into where hybrid detection strategies commonly fail
• Practical detection considerations you can apply immediately
• Peer discussion grounded in real breach anatomy

Seats are limited

This is a focused, practitioner-level event, not a mass webinar.

If you are responsible for reducing dwell time and closing identity-driven detection gaps, join us in Stockholm.