
Florian Hansemann
Top-ranked red teamer, expert in attack techniques and in the field of offensive security, @CyberWarship
Florian Hansemann is an internationally recognized penetration tester and redteamer, for example, he was ranked among the top 21 security sources in the world by SentinelOne and Techbeacon in 2018 and 2019. He is also one of the most well-known experts in the field of offensive security with over 60,000 followers with his account @CyberWarship on Twitter. In addition to vulnerability scans and red teaming assessments, penetration tests are the core business of his company HanseSecure.
Training
From Setup to SIEM: Wazuh in Real-World Security Monitoring
Description:
Wazuh looks simple at first: install the stack, connect a few agents, open the dashboard and wait for alerts. In real environments, this is where the real work begins. A default setup may be enough for a demo, but it is usually not enough for stable, useful and scalable security monitoring.
This workshop is for people who want to understand what it really takes to use Wazuh as a practical SIEM platform. We look beyond the quick installation and focus on the decisions that matter in production: architecture, sizing, multi-node setups, reverse proxies, internet exposure, agent rollout, rule tuning, Microsoft 365 integration, dashboards, alert quality and operational processes.
Participants will build and operate a Wazuh-based lab environment and learn how to connect clients, configure relevant data sources, work with standard and custom rules, create useful dashboards and generate real alerts. The goal is not to collect as many logs as possible. The goal is to understand which events matter, how alerts become actionable and why SIEM projects fail when architecture, tuning and operations are ignored.
We combine technical explanations, architecture discussions and hands-on exercises. Participants will not only see Wazuh, they will configure it, challenge it and use it to detect and evaluate real security events. Not a vendor pitch. Not a simple installation tutorial. Not another dashboard demo. A practical workshop about turning Wazuh from a default deployment into a useful security monitoring platform.
Target Group:
This workshop is for security engineers, system administrators, IT teams, consultants and technical decision-makers who want to use Wazuh seriously as a SIEM or security monitoring platform. It is especially relevant for teams that want to move beyond default installations and understand how to plan, operate and improve Wazuh in real-world environments with multiple systems, relevant data sources, meaningful alerts and sustainable operational processes.

