Who are you and how did you become interested in cyber security?
Since I was 17, I had two big dreams: to get a pilot’s licence and to work in what we now call information security or cyber security. I always had a special place in my heart for computers and technology.
What is the most important aspect of your work?
We help secure Norway’s digital world/business.
What areas of cyber security do you focus on?
I work on security governance and DevOps adapted to the business risks and aligned to the business strategy. I also help customers migrate to and operate securely within a cloud computing environment.
Why is this exciting?
Digitalisation, cloud computing and innovation have played – and will continue to play – a role in how technology and businesses are evolving rapidly to support their customers in better and more secure and innovate ways.
What do you think are the most interesting controversies ?
Companies want to innovate and outperform their competitors, but very few are willing to change the way they do things.
What are your own favourite examples of, or projects linked to cyber security?
Our main projects include:
- Building DevSecOps-based (i.e. product and development integrated) security governance and risk management
- Building a risk assessment framework for cloud migrations
- Helping customers with digital identity transformations and governance across the entire organisation
- Co-authoring CSA guidelines to help all Norwegian companies move to cloud, with better minimum security baseline standards in place.
Can you name any other good examples?
Cybersec has been at the heart of various significant events in recent times, such as the IoT hacks against critical infrastructure like the US power grid and a Norwegian aluminium plant, and Facebook’s struggle with a rapid drop in customer trust and stock prices.
What do you think is the most relevant knowledge for the future?
- How to build security and privacy by design and default to enable business
- How to better invest in protecting operation technology (OT) and critical infrastructure
- How to use cloud security for enabling business and innovation
Is there anything unique about what we do in this field here in Norway?
Digitalisation. The security aspect of this digitalisation has also gained a lot of attention here.
What do you think is the most important takeaway from our conversation?
Security is more than just “restricting things”. It is about enabling business, innovation and more importantly customer trust and experience. Security is needed more and more, to enable businesses do things today that they couldn’t do yesterday.