Kim's role as team leader for the SOC at Sicra operates on three levels: the service, the team, and customer follow-up. On the service level, the job is to establish, develop, and maintain the SOC service.
Kim mentions five different ways he follows up on the service:
1. The basis for any SOC service is continuous log collection and incident management.
2. Proactive security follow-up: adjusting log sources, clarifying what the normal state looks like, alerting, improving defense mechanisms, and confirming or refuting potential risk factors where possible.
3. Good security advice: this involves a great deal of risk and vulnerability management, handling threat information, and recommendations on security measures. Recognized security frameworks such as CIS, NIST, and the NSM principles are very important here.
4. Unknown threats and major attacks can occur, and being able to handle the situation at the customer's site is important. That depends on collecting the necessary data, defining the extent of the damage, and limiting it. Communication with customers and authorities, and restoring normal operations, then become the important tasks.
5. Several customers see the need to get a view of their external attack surface. In addition, they want third-party validation of the SOC's ability to detect and respond.
Another important task is following up on the SOC team.
– As people, we are different and often have very different backgrounds and expertise.
One of Kim's tasks is to ensure that each team member has the resources they need, along with the opportunity, and not least the time, to further develop their professional skills.
– Sicra is not just about high professional competence, but also about taking care of each other personally. Therefore, it is also important that we use and get time for a life outside of Sicra. When we and our social circles thrive, the team also functions better.
The last – but also the most important – task is following up with customers.
– Customers need follow-up on the use of services and guidance on how they can have an easier everyday life, including handling incidents and security in a good and efficient way.
Unlike many others in the field, he has a traditional high school education with a focus on practical subjects, including electrical work and operations in the electrochemical and metallurgical industry.
– As a young person, I liked this field a lot, but chose to move to Oslo in 1993 as an electrician apprentice. Unfortunately, my body didn't agree with it, so in 1995, I retrained to IT.
His first Microsoft certification was "Microsoft Certified Professional" for Windows 3.1/DOS 6.22.
– I obtained this in 1996. Since then, there have been quite a few certifications. The last count was over 50 different professional certifications.
In recent years, the focus has been on general security certifications, such as GIAC. He holds 7 active certifications in this area.
– I started with security related to firewalls and networks in 1999/2000. At that time, firewalls were built differently than today – with the configuration on a floppy disk.
WatchGuard, together with its acquisition of RapidStream (the Vclass series), was his first encounter with groundbreaking security solutions in the early 2000s. They were among the first to offer proxy-based mail filtering in the firewall.
– The Vclass series also had a unique feature where we, as an MSP partner, could apply policies at multiple hierarchical levels. This allowed us to manage many customers with a fairly similar setup.
Over time, he became familiar with several firewall products, including Palo Alto Networks firewalls from 2008/2009. His first installation of these ran PAN-OS 3.0. Even then, they had application-based rule sets at layer 7.
– It was completely unique at the time. Other vendors then, and even now, adhered to port and protocol. Opening web traffic was a door opener for Palo Alto Networks as they could inspect applications and not just http/https.
There have been many different types of assignments in the private and public sectors. Much of the work has involved design, configuration, and segmentation of on-premises and cloud-based infrastructure solutions.
– It has been particularly demanding and challenging to work with mergers of county municipalities and organizations that require security clearances and design beyond standard off-the-shelf solutions.
– There have been older solutions, often with insufficient documentation, that need to be reviewed and secured. It was particularly interesting to secure them in a different way than initially planned.
Security mindsets such as Zero Trust and Defensible Security Architecture have been critical strategies in recent years. More and more customers have realized the value of taking a risk-based approach to the data they want to protect.
– In addition, I have spent a lot of time with customers implementing recognized frameworks such as NIST, CIS, and NSM principles. Many customers have requested these to map how their security solutions have accounted for them.
He says that he has found it very enjoyable to shift the discussion away from gut feelings and towards a risk-based approach to security frameworks.
Kim is married and has five children, and he enjoys spending time with his family.
– I have also reached the maintenance age and need to take training seriously. So I train two to three times a week to keep my body in maintenance mode.
He has two principles he lives by: