now
4 labs live · 9 total

What I do

Microsoft security work for Norwegian customers — through Spirhed Norway AS. Three areas where I spend most of my time.

Microsoft Sentinel & Defender XDR

Design and implement Microsoft security solutions for Norwegian customers — Sentinel, Defender XDR, Entra ID, Intune. Run PoCs and technical pilots across the Microsoft security platform.

MDR service design

Service design for managed detection and response — offering, onboarding, multi-tenant operations. Draws on building Crayon's MDR from scratch and leading the security operations team.

Detection engineering & KQL hunting

Detection engineering, threat hunts and incident response in Microsoft Sentinel and Defender XDR. KQL queries for forensic analysis and detection automation that reduces false positives.

$ whoami --long

Senior Cybersecurity Consultant at Spirhed Norway.

Before Spirhed: built Crayon's MDR from scratch and led the security operations team. Two years of hands-on cloud security consulting before that — forensic investigations, identity security deployments, and KQL hunting in Sentinel and Defender XDR.

Håkansson Labs

trym.cloud is the distribution and trust layer for Håkansson Labs — an agentic shipping factory. The catalogue is grouped by what each thing is: the Platform that builds everything, the Products anyone can use today, private utilities, and a client delivery for context. Per-card pills show what is live versus in build.

Products 6 projects

Public, self-shipped products and tools that anyone can use today.

Private utility 1 project

Personal tooling that runs as private infrastructure — no public surface by design.

07Personal MCP

Tryms-helse / Lifetracker

A personal health data project: a Mac-mini-hosted MCP backend that ingests HealthKit data, plus an iOS app that surfaces it. No public landing — runs as personal infrastructure.

Swift / HealthKit · MCP · Mac mini backend building building — private
FAQ

Frequently asked

Who is Trym Håkansson and what does he work on?

Senior Cybersecurity Consultant at Spirhed Norway, based in Moss. He advises on, designs and implements Microsoft security solutions for Norwegian customers — Sentinel, Defender XDR, Entra ID. Outside of work he builds Håkansson Labs — an agentic shipping factory and the products it ships, including Politipuls (real-time map of Norwegian police incidents), Morgenbrief (a daily Norwegian finance newsletter), and The Conductor (the self-hosted pipeline that builds and deploys his own sites).

What does a Microsoft security consultant actually do?

A Microsoft security consultant designs and operates the security platform Microsoft sells — primarily Microsoft Sentinel (SIEM), Defender XDR (endpoint + identity + email + cloud), Entra ID (identity), and Microsoft Purview (data protection). Day-to-day work covers detection engineering with KQL, incident response playbooks, MDR service design, identity hardening, and architecture reviews — translating Microsoft product capability into outcomes a Norwegian operations team can actually run.

What is the difference between Microsoft Sentinel and Defender XDR?

Microsoft Sentinel is the SIEM and SOAR layer — it ingests logs from any source, runs KQL analytics rules, and orchestrates response. Microsoft Defender XDR is the unified extended-detection-and-response platform that natively covers endpoints (Defender for Endpoint), identity (Defender for Identity), email (Defender for Office 365), and cloud apps. In a mature deployment both are used together: Defender XDR for native Microsoft telemetry, Sentinel for everything else plus correlation across the lot.

What is MDR and how do you design a managed-detection-and-response service?

MDR is the operational service wrapped around detection tooling — 24/7 monitoring, triage, escalation, and response delivered as a service rather than as software. Designing one means choosing the platform (Sentinel + Defender XDR on the Microsoft stack), defining alert tiers and escalation paths, building detection content and runbooks, agreeing SLAs and reporting, and standing up the multi-tenant operations model that makes the economics work across more than one customer.

Where is Trym based and what regions does he serve?

Moss, Norway. He works for Spirhed Norway across the Nordics, with Norwegian customers as the primary focus. Reachable at [email protected] or via LinkedIn for consulting, speaking, or collaboration inquiries — including remote-friendly engagements across Europe.

How can I hire or contact Trym?

For consulting through Spirhed Norway AS, speaking engagements, or collaboration on Håkansson Labs projects, the fastest channel is email at [email protected]. LinkedIn at linkedin.com/in/trym-haakansson works as a secondary route, and the response time on both is typically within one business day.

$ contact

Get in touch

For consulting through Spirhed, speaking, or to discuss anything from Håkansson Labs — email is the fastest way.