Governing Body Spotlight
Co-Chair of the Nordic CISO Community
Senior Vice President and Chief Security Officer
Bjørn R. Watne has been working with Information Security for two decades and is currently CISO for the Storebrand Group – the largest private asset manager in the Nordics. Previous to joining the financial sector, Watne held numerous positions within Telecoms as well as working as a consultant with different industries.
He has his BSc in Computer Science from Agder University in Norway, and an MBA from ESCP in Paris, France. Professional certifications include CISSP and ISSMP from (ISC)2, and CISA, CISM, CRISC, CGEIT and CDPSE from ISACA. Over the years he has held numerous board positions with professional associations and is a regular speaker at industry events.
Learn more about leaders in the Nordic CISO community here.
Give us a brief overview of the path that led to your current role.
As with the role itself, my career in information security has evolved over time. Studying Computer Science in the late 1990s, security wasn't part of the syllabus. It wasn't even offered as an elective! In 2000 some older friends of mine founded an Infosec startup and needed staff. Fresh out of university, I thought, how hard can it be – and haven't looked back since. Spending the first few years as an analyst, I then went into architecture and solutions design, with a brief spell in marketing working to translate tech-stuff to business-speech.
From there I went on consulting for a few years before landing my current position with insurance company Storebrand in 2014. Starting as Manager in IT-Security with two colleagues, I am now a Senior Vice President and Head of Group Security with ten times the resources, and responsibilities encompassing the second line of defense and even business continuity management. That's one thing I love about my job – it's still constantly evolving, and with the digitalization of society and a more complex threat landscape also ever more important. There's never a dull day for a head of information security.
What is one of your guiding leadership principles?
I believe in leading by example. When you set the bar, you cannot as a leader go below. Never expect anything from anyone that you aren't willing to do yourself. Another thing I've always been a firm believer in is what is today called "inclusive leadership." Any successful leader should master the skill of composing diverse teams that challenge and enhance each other. Putting people together that have a diverse background, competence and culture will stimulate creativity, increase thinking outside of the box and force the breaking of old habit patterns.
As an engineer it pains me to write 2+2=5, but that is indeed something I've found to be the truth with diverse teams and inclusive leadership. Make sure you share the same underlying values, though, least it might prove difficult finding common ground – and in turn a common goal.
With disruption being a key theme of the past year, where do you see your role as a CISO leader going in the next 1-2 years?
As mentioned before, the role of the CISO is really evolving at the moment. Coming out of IT, information security – or cybersecurity – has definitely taken its spot amongst the major operational risks to any (digital) business today. Depending on the industry and local regulations, I believe we will see a split between Security Operations and Security Governance going forward. To successfully work proactively with security strategy and improving the security posture, one simply cannot be bothered with intrusion detection and incident management at the same time.
The CISO role is slowly merging with that of business management as part of GRC-functions (Governance, Risk and Compliance). New positions will be created within IT to monitor threats and act on incidents as part of infrastructure operations. The CISO role will merge into a more strategic one working with cyber risk management, security awareness and offensive/proactive audits and controls.
What advice would you give to someone just starting out in the role?
Find allies! Being a CISO is not a one-person job. To be successful you need to have a people around you and if you haven't got direct reports – create a virtual team. From the get-go it's also very important you make your organization aware that the ownership of risk lies with them and that you aren't a scapegoat. Once people have the message they're accountable, it makes them a lot more open to your advice and a lot easier to collaborate with.
Tell us 3 fun facts about yourself.
I love traveling, and I've set foot on all seven continents. There are too many good stories to tell here, but one I remember well is the time I had dinner with the President of Papua New-Guinea when visiting Port Moresby. Later I was driven back to my hotel in an officially decorated, government car. And the reactions upon my arrival there -- oh my...
I've always been a very curious person and also tried a variety of sports. In my teens I was actively competing in speedskating with pretty good results – sometimes even beating people who were later to compete in the Olympics. Turning 18 my interests changed, and (sadly?) that career was buried. The full body suit is still tucked away in a closet somewhere, though.
Oh, and I shouldn't be let near a karaoke-stage at late hours...
What is the value of participating in a professional community through Evanta?
What I enjoy the most with Evanta's approach is that they keep the circle both wide and tight. I meet the right people here and feel the ones coming in are properly vetted. Discussing topics of interest with people sharing my challenges and concerns is a lot more fruitful than speaking with those below or above. Even though we're in different industries and different companies, we all share very many of the same challenges and discussing them with peers from outside your own home ground gives me great value.
Another thing I have come to enjoy is the close follow up Evanta makes of their communities. The short questionnaires and following info-graphs, the frequent events, and last but not least the way they include community members both on the board and the governing bodies ensures topics discussed are always relevant and up-to-date.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.