From early warning to verified restore - with Chris Melin & Daniel Larsson
Book an interactive masterclass with Chris Melin, Recovery Consultant, and Daniel Larsson, Senior Storage Engineer, both at Cristie. In 30-90 minutes, you'll understand how threat detection and recovery assurance work together - and why treating them as separate disciplines is one of the most common mistakes organisations make when planning for a cyberattack.
Daniel Larsson | Senior Storage Engineer at Cristie
Chris Melin | Recovery Consultant
About this Masterclass
Detecting a ransomware attack is not the same as being ready to recover from one. And having a verified backup is not the same as knowing it's free from malware. In this masterclass, Chris and Daniel walk through both sides of the equation together - the detection layer and the recovery layer - and show how they need to be connected to actually work under pressure.
Most organisations find out too late that these two things don't talk to each other. The security team detects something. The backup team starts looking for a clean recovery point. Nobody is sure which snapshot is safe. The clock is running.
This masterclass is built around that scenario, and what a better approach looks like:
-
How Rubrik Anomaly Detection uses machine learning to identify encryption, unusual access patterns, and ransomware behaviour in backup data - without touching production systems
-
How to identify a clean recovery point with confidence, not guesswork: threat hunting, IOC scanning, and snapshot isolation explained in plain terms
-
What Recovery Assurance actually means - continuous, automated restore verification triggered on every backup, in an isolated clean-room environment
-
How anomaly detection and restore testing connect: knowing both that the threat has been detected and that the recovery point behind it is genuinely safe to use
-
What "blast radius" analysis looks like in practice - mapping which files, systems, and applications were affected before starting recovery
-
How to build a recovery loop that closes the gap between detection and verified restore, and document it in a way that satisfies NIS2 and other compliance frameworks
Chris brings the recovery strategy and process perspective. Daniel brings the engineering depth. Together, they cover the full loop - from the first alert to a confirmed, clean restore.
Who is this masterclass for?
This masterclass is suitable for organisations that:
-
Have both a backup solution and some form of threat detection in place, but have never tested whether they work together in a real incident
-
Want to understand how to identify a safe recovery point quickly, without the risk of reintroducing malware into production
-
Face regulatory requirements - NIS2, DORA, ISO 27001 or sector-specific frameworks - that demand both threat detection and tested recovery capability
-
Have experienced a ransomware incident, or are actively planning for one, and want to understand the detection-to-recovery workflow end to end
Typical participants: IT security managers, backup and recovery owners, CISOs, IT architects, and compliance officers responsible for cyber resilience and business continuity.
Structure and format
Duration: 30-90 minutes depending on your needs
Format: Online or on-site at your premises
Style: Scenario-driven session built around a real attack timeline - from first anomaly to verified restore - combining Chris's recovery process expertise with Daniel's hands-on technical depth
Materials: Basic presentation material and a brief written summary can be shared afterwards
Each masterclass is adapted to your environment and your current setup. You won't get a generic walkthrough. You'll get a concrete conversation about where your detection and recovery capabilities connect - and where they don't.