Sami Laiho

Sami Laiho is one of the world’s leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1996.

Sami has been auditing and implementing security solutions, specializing in Principle of Least Privilege, Application Control and Privileged Access Workstations, since 2002. Sami has deployed solutions for companies with between 1-550000 endpoints.

Sami currently works as a Chief Research Officer at

Since 2019 Sami has been chosen by TiVi-magazine as one of the top 100 influencers in IT in Finland. He is in the TOP10 most followed people in his field in Finland.

You can register for Sami Laiho’s courses through Corellia’s website.  Invoicing will be done by Matti Laiho  Ltd.


Implementing LAPS – On-Prem and Azure

Join, Sami Laiho, a world leading security expert, in this webinar and learn how to implement and manage LAPS, both on-prem/hybrid and Azure AD only.


Implmenting MFA – On-Prem, Azure and Everywhere

Join, Sami Laiho, a world leading security expert, in this webinar and learn how to implement and manage MFA, both on-prem/hybrid and Azure AD only, for just Privileged Access Workstations or the whole fleet. You learn how to deploy different protectors like physical keys, Windows Authenticator, Biometrics and 3rd party solutions, in different kinds of environments.


Implementing AppLocker – the Right way!

If you are using or are planning to use or evaluate AppLocker, this course is for you! Learn from the most experiences global expert how to avoid pitfalls and deploy AppLocker in a way that takes down the amount of work in IT and Security, instead of increasing it!


Implementing Privileged Access Workstations (PAW)

If you can RDP into a server or a jump server from any computer in your network, you are in trouble and you should join this training!

One concept to deploy in any modern environment is the Concept of Privileged Access Workstations. We simply cannot allow _any_ computer to take down the whole company or have access to resources that can. A normal end-user computer can access the Internet and can not be thus used to manage the environment. A separate workstation, that cannot access the Internet and is better secured and more controlled, is to be used for managing the environment. We simply cannot combine potential access to malicious content and management into the same device.

The PAW is the missing component that makes a properly tiered Active (or Azure Active) Directory secure and easy to manage!


Implementing High Secure Windows Firewall (and IPsec) in an Enterprise

Every computer, whether in a corporate LAN or a public network, needs to be protected with a firewall. This also applies to all servers! And this means the device itself and not a firewall on the perimeter. Zero Trust means that those protections are in place where ever you might take your computer, and that we can identify the computer and user, not just an address where it says it is. With Windows Firewall you can block pass-the-hash and other lateral movement techniques and by adding IPsec you can get all the benefits of 802.1x authenticated networks – only better, more granular and for free!
Join, Sami Laiho, a world leading security expert, in this webinar and learn how he manages different sized environments and deploys the concept of Client Firewalls


Implementing Principle of Least Privilege aka Getting rid of Admin Rights

In the new world of Zero Trust most companies are now aiming to get rid of local administrative rights for their end users. Sami Laiho has specialized in this field since 2002 and is the world leading specialist in his field.
Even the NT 3.1 User Guide states, that in Windows, there is no security if you give people local admin rights. Local admin rights give you the ability to bypass all company Group Policy / MDM -settings, take any logged on users’ identity, read/delete any files on the computer even with Deny ACLs, and probably the worst – the ability to breach the rest of the company systems.
Taking away end-user admin rights can lower the amount of Helpdesk tickets by 75%! Most people say that: “if I don’t have admin rights I can’t fix my computer” – No, in reality, it’s: “if you don’t have admin rights you can’t break your computer!”.
Most people think this hinders usability and is not possible for certain old apps, laptop users, or devs.
Sami has successfully taken away admin rights from all of these, in companies ranking from a single-person to a company with more than half a million users.


Implementing Microsegmentation for FREE

One part of the hyped concept of ZeroTrust is Microsegmentation. It aims to prevent lateral movement and move to an identity based control of network flows. It’ll bring you a more granular level of firewalling workloads and nodes from each other so that the barriers are not just at the edge of a subnet or VLAN.

ZeroTrust is the most horrible name ever… It sounds like Big Brother is watching and no one trusts no one, Honestly, behind the horrible name is a beautiful goal – To allow people to work as efficiently and as securely, whether they are in the corporate office or sitting in Starbucks. On this session I will show you how to build Microsegmentation for free with Windows 2000 and up, and also how I RansomWare-proofed my own home network by moving to a completely ZeroTrust and software based networking model.

The freedom of moving my devices anywhere where there is Internet access, even my servers, and no users noticing it… Is just AWESOME!


BlackBelt – Securing Windows 10 and Server 2016/2019

This training is meant for all administrators and security professionals who want to make sure their environments are ready for the new security era where traditional security measures like anti-malware are not effective anymore, and who want to make the best out of what Windows 10 and Server 2019 have to offer. Sami also teaches nurses, devs and CSO’s so don’t be afraid just join the class even if you are not the traditional ITPro!


BlackBelt – Troubleshooting the Windows OS

This course teaches you how the OS really works and how to troubleshoot it effectively. It is applicable to every OS from NT 4 to Windows 10 – both servers and clients. Learn to troubleshoot the hardest errors and raise your abilities above others! Let a world class presenter and troubleshooter teach you all tricks up his sleaves. Sami’s BlackBelt Troubleshooting session has been selected as the Best Session in TechEd North America 2014, TechEd Europe 2014 and TechEd Australia 2013 so you be sure to learn a lot in the most entertaining and effective way!


BlackBelt – Advanced Troubleshooting the Windows OS (Windows Internals included)

I offer two courses for troubleshooting of anything that related or runs on the Windows OS. If you’re thinking about which course to take first, take the other one. If you are totally familiar with the stuff on the other course you are very welcome to join this one as well. It’s just my professional opinion that the best troubleshooters can be taught by taking these two courses and it’s better to take the more Tools-oriented BlackBelt Troubleshooting course first and the join this Content-oriented Advanced Troubleshooting course next.

Have you ever wondered if Windows Pagefile settings should be changed or how they actually work? Have you ever wondered what the values in Task Manager actually mean – like Paged Pool, Working Set, Free memory etc? Do you know how a file actually gets cached and finally written to the disk or how threads communicate with each other? Have you ever wondered what Mutexes or Semaphores in Process Explorer really mean? If you don’t know the answers, come and join this course as it will provide you with the answers and a lot more!

My training:
Phone: +358505701100