<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Eivind Seip Haugsnes</span>

Eivind Seip Haugsnes

Security manager (CISO-for-hire)

Eivind Seip Haugsnes strengthens Sicra’s CISO environment with over 20 years of experience in security management, risk management, and business development. He combines technical understanding with strong business anchoring and helps organizations structure, prioritize, and anchor security efforts within executive management.

Welcome to Sicra, Eivind! What will you be working on here?

Hi! I will be working to help customers promote security in their organizations.

You have previously been a CISO – what motivated you to take on a CISO-for-hire role?

I have worked a lot in organizations that are governed by group directives and long decision-making lines. It therefore motivates me to work with customers who can make faster decisions and are preferably earlier in their security journey.

What is the biggest challenge Norwegian organizations face in security management today?

The most important thing is to understand the risk landscape for their organization. For most, this means that security management, not least within cyber, is essential for solid and long-term operations and results.

You have worked extensively with ISO 27001, GDPR, NIS2, and DORA. How should leaders relate to increasing regulatory requirements?

For ISO 27001, it is also about establishing structure, requirements, and recommendations for information security, which is therefore central to the work your entire organization does within security. Shaping the organization’s information security management system.

They must understand the legal and commercial consequences of these. Not least, several of your customers may expect you to know their requirements, whether in Norway or other parts of Europe.

What characterizes an organization that succeeds with its security efforts?

That they regularly assess their needs, introduce good routines, and prioritize complying with them.

How do you work concretely with executive management teams and boards when you take on a CISO role?

There are large variations in what a CISO engagement can be – but:

  • Concretely, it is about creating trust and clarity regarding what the assignment is (initial meeting).

  • Gaining a good understanding of the organization (mapping).

  • Setting a clear plan for execution (project planning).

  • Ongoing dialogue and reporting (reporting).

  • Completion of delivery (handover to the organization).

You have experience from retail, wholesale, IT, and the Armed Forces. What do these sectors have in common when it comes to security – and what is different?

The Armed Forces have security as a foundational pillar in everything they do. It lies in the nature of their mission. In that sense, it was an excellent place to learn the basics and fundamental prerequisites.

For retail and also wholesale, the focus is of a more commercial nature, meaning what we must secure for ourselves, what our customers demand, and what requirements are set by authorities or other partners. Organizations within pharmaceutical sales and distribution naturally have additional security efforts.

What do you consider to be the most common mistake organizations make in their security work?

Many organizations have good security resources but lack good routines for continuous compliance, training, and focus (awareness).

They are “good soloists, but a poorly coordinated orchestra.”

How do you balance the need for security with the need for progress and growth?

Security at a regulatory minimum level is not negotiable – but investments must naturally support the organization’s growth. Furthermore, one should strongly strive not to create obstacles to how the organization works. It is not always easy, as security can conflict with simplicity.

What are you most looking forward to at Sicra?

I am very much looking forward to being part of Sicra’s professional family of highly specialized people. It is a completely unique collegium.

Which topics do you most enjoy discussing when you meet leaders?

I am very curious by nature, so understanding other leaders’ challenges and initiatives gives me a lot.

How do you keep yourself professionally up to date?

Oh. That is a big question. Well – podcasts, the web, news, and so on.

What personally motivates you in your role as a security leader?

Security is absolutely essential for our entire society and is the backbone of our modern world. If we want to preserve democracy and privacy, security must be part of the community.

A bit more informal

What do you prefer – structure or improvisation? Yes, please, both! Structure at work, and preferably improvisation when things move a bit faster.

Risk analysis or crisis management? Both. Normally analysis, and then crisis management is really being in action when it matters – that is also a real “high.”

Teams or in-person meetings? Teams will probably never become anything other than the meeting’s “fast food.” The exception may be if several people are working on a document together. The solution is very good there – also as a support tool in a physical meeting.

Mountains or sea? Fond of both, but I would probably say the sea. There is little that matches the view over a calm ocean surface.