🎙️ Paul Svenning
Talk Title: It’s Game Over, Man – How to Train Your Blue Team
Abstract
In a world of APT actors and cyberattacks that are evolving faster and faster, it is becoming increasingly important for SOC and CSIRT to practice in order to handle incidents quickly and effectively.
However, for many, it remains just a thought — because incident response practice often seems expensive, time-consuming, or resource-heavy.
This talk shows that it doesn’t have to be. With a simple setup using playing cards, dice, and a bit of imagination and playfulness, teams can regularly train on high-impact incident response scenarios with minimal overhead.
Paul takes the audience through:
- The importance of practicing incident handling — even if it doesn’t involve the whole organization
- Why even teams without a formal SOC should prioritize regular blue team exercises
- How short, frequent training sessions create strong learning effects over time
- How he built a blue team from scratch using Backdoors and Breaches, dice, house rules, and a playful team atmosphere
This talk is packed with practical advice for turning security process training into something teams actually look forward to — and making readiness part of the culture.
Bio
Paul Svenning is Principal Security Advisor at Globeteam Norway, specializing in roles such as CISO for hire. With 15 years of experience in the cybersecurity field, he helps clients demystify cybersecurity and navigate it safely and effectively.
Previously, Paul served as Cyber Security Lead at NorgesGruppen Data, where he built and trained an internal blue team — guiding team members to become confident security analysts and incident handlers. His passion for practical, approachable security shines through in everything he does.
Paul also co-hosts the Norwegian podcast IT-Direktoratet, which he highly recommends.