🎙️ Eirik Sveen
Talk Title: On the Receiving End of TIBER: A Reformed Red Teamer’s Perspective
Abstract
Going from a red team lead on numerous international red team engagements — including a recent TIBER test — to a detection engineer at a large financial institution gives you a very different view of red teaming.
In this brutally honest talk, Eirik Sveen walks us through the results of Storebrand’s first TIBER test. You’ll hear the real story of successful social engineering against portfolio managers, the toll of red team testing on people, expensive C2 frameworks being used against defenders, company-wide attack alerts, token theft, defensive gaps, missteps, and some big wins.
But this is more than a postmortem. It’s a reflection — from someone who’s been on both sides — on what red teaming really means, how OPSEC often falls short, and what Eirik would do differently if he were on the offensive again. It’s a talk about tactics, trust, empathy, and evolving as a practitioner.
Bio
Eirik Sveen is a Senior Detection Engineer at Storebrand CDC, where he focuses on threat research and detection engineering. Before joining Storebrand, he was the red team lead at Orange Cyberdefense Norway and a red team operator at Banshie, a boutique Danish consultancy known for high-impact adversary simulation and TIBER engagements.
Eirik has performed red team operations, assumed breach assessments, detection validation, and social engineering campaigns across a range of industries. He has spoken at HackCon and Sikkerhetsfestivalen, and was one of the founding members and occasional hosts of the Norwegian security podcast 5h3llcast.