<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Harald Hauknes</span>

Harald Hauknes

Security Architect
Harald Hauknes has extensive experience in Security Operations Centers (SOC), incident response, threat detection, DevSecOps, and modern cloud-based security environments. He combines operational security expertise with a strong understanding of technology across automation, analytics, and integrations, and has worked with both strategic advisory services and hands-on incident response throughout much of his career. 

Before joining Sicra, Harald worked as a Senior Security Engineer at Sorasec and as a Cyber Security Engineer at Watchcom Security Group. He also has experience from the Norwegian University of Science and Technology (NTNU), where he worked with security analysis, incident response, and the establishment of a Security Operations Center (SOC).

What are you most passionate about professionally?

I am particularly passionate about Security Operations, incident response, threat detection, and automation in SOC environments. I really enjoy the intersection of analytics, technology, and operational security.

At the same time, I am interested in how automation and DevSecOps can help organizations manage security faster and more efficiently without creating unnecessary complexity.

What characterizes good security solutions today?

The best solutions are those that work well in practice and are adapted to how the organization actually operates. Security must be integrated into processes, development, and operations, rather than being added as an extra layer on top.

I also believe that strong security environments need to use automation intelligently. If too much time is spent on manual tasks, organizations lose capacity for analysis, prioritization, and handling real threats.

In modern SOC environments, much of the focus is on reducing noise, gaining better context around incidents, and enabling analysts to respond more quickly and accurately.

You have worked extensively with SOC, SIEM, and incident response. What makes this field exciting?

I really enjoy the operational side of security work, where you need to understand technology, attack methods, and business operations at the same time. Incident response often involves working methodically under pressure and making fast decisions based on limited information.

It is also exciting to see how modern SOC environments continue to evolve through increased use of automation, enrichments, visualization, and AI-assisted analysis.

What I find especially rewarding is building SOC services that genuinely help customers prioritize effectively and manage incidents efficiently in practice.

You also work extensively with DevOps and Infrastructure as Code. Why is this important for security?

Modern IT environments evolve so rapidly that security can no longer be managed manually. Infrastructure as Code, automation, and CI/CD processes make it possible to build security into deliveries from the very beginning.

This is about speed, quality, and consistency. When security controls are automated, it becomes easier to maintain a strong security posture even in complex environments with a high rate of change.

What do you see as the biggest challenge organizations are facing right now?

Complexity and the sheer volume of signals. Many organizations have a large amount of security technology in place, but lack effective processes for prioritizing, analyzing, and responding to what actually matters.

At the same time, cloud technologies, AI, and modern attack methods mean that security environments need to be more flexible and adaptable than ever before.

For many organizations, the challenge is not a lack of alerts, but rather the ability to distinguish between what is critical and what is merely noise. That is exactly where strong SOC environments create value.

You have worked both strategically and operationally. What does that combination bring?

It provides a better understanding of what actually works in practice. There is a significant difference between creating well-crafted strategies and being in the middle of an incident where systems must be analyzed, decisions must be made quickly, and the organization expects answers.

I believe it is important to understand both perspectives in order to build strong security environments over time.

What characterizes a strong professional environment?

A strong professional environment consists of curious people who share knowledge and enjoy solving problems together. The security field evolves extremely quickly, so no one can know everything on their own.

I particularly enjoy environments where people can discuss strategy at a high level while also diving deep into technical details when needed.

What do you want customers to experience when working with Sicra?

I want customers to experience strong expertise, pragmatic advice, and people who genuinely care about solving their challenges. The goal should always be to reduce risk in a way that works in practice for the organization.

I also believe it is important to explain security in a way that is easy to understand, both for technical teams and for people who suddenly find themselves in the middle of an incident and need clear, practical guidance.

What motivates you in your work?

I am motivated by understanding complex problems and building solutions that make security work more efficient and manageable. I also greatly enjoy the combination of analysis, technology, and continuous learning.

Is there something people might not know about you?

I have always been highly technology-driven and curious about how things work beneath the surface. That is probably one of the reasons why I enjoy security analysis, automation, and incident response so much.

In recent years, I have also spent a great deal of time exploring AI and machine learning in a security context, particularly how automated decision-making processes and enrichments can support modern security operations.