At the Industrial Security Conference the 13 -15 September you can hear a NIS 2 panel discussion with Søren Egede Knudsen, CEO & IT/OT Security Expert, Egede. The new NIS2 Directive aims to address emerging technologies, the modern threat landscape and fragmentation across Member States and to significantly increase cybersecurity capabilities throughout the EU. Hear more at the conference.
Before the conference in November read an interview with Søren here.
What is your background? And how do you work with industrial security on a daily basis?
Since I was young, I have been interested in electronics and computers. In the mid 90’s I was working with servers and at that time, I got introduced to firewalls. I believe it was Border Manager, but at that time it was not a fulltime job. Later, I worked as a Cisco Specialist with networking and security. Since my first introduction to security, it has had my special interest and it has been a core part of my career as subject matter expert, as CTO, and as CEO.
Since 2009 I have specialized in industrial networks and cybersecurity. In industrial cybersecurity there is many areas I work with e.g., legislation advice, cybersecurity assessments, penetration testing, software research and Cybersecurity due diligence to name some, as a consultant.
What do you see as the biggest opportunities and challenges in connection with cyber- and industrial security?
I believe the biggest opportunity is the openness, sharing of experiences and the process of understanding that industrial cybersecurity is critical and is not the same as cybersecurity in the “normal” IT sector. Unfortunately, this understanding is only in some companies, but I believe this is a positive trend and will come to more and more companies in the industrial sectors.
The biggest challenge is the shortage of knowledgeable resources in the industry. In the IT sector there is a lack of cybersecurity resources, but when we talk about the industrial area, the problem is at least ten times as severe. Recruiting people who are knowledgeable not only in IT, but also in industrial networks, is critical for the industrial companies but it is very difficult to find people with this profile.
When looking forward just 5-10 years, what do you think will be different within security?
In 5-10 years, companies will be able to better understand and integrate the different teams and groups. This not only within cybersecurity, but also engineering and management to better integrate and understand each other. In addition, I believe that there will be a higher pressure on vendors to make software with less vulnerabilities.
For the upper management I also believe that the company boards will understand the need for people that understand cybersecurity as a part of the board members.
From your point of view, how do you think we get more diversity in the industry?
I do believe this is already happening for the last years. I can see that there is a good increase in the number of women in the industry and more and more people starts looking at the industrial sector that is coming from IT. This not only on the protection side, but also on the dark side (hackers).
What are your own expectations for the conference? And which keynotes are you looking forward to hearing?
There are many things, so it is difficult to point about the specific topics, but the really technical parts are high on my interests and the legislations that is coming and their impact to the industry. In addition to this to meet up with friends and other people in the industry and create a bigger network.
What will your keynote be about, and which learnings are you hoping the participants take with them?
I will be on the NIS2 panel and have a discussion on the new regulations. I hope that people will have the interest and will see the big opportunity there is to increase the industrial cybersecurity of their plants and not only just comply to the regulation.
Besides more funds for security, what do you think would make a difference in the industry?
Better understanding and communication between people: At board level, between the board and leadership, and between the leaders and the technical personnel. To be able to protect your systems, you need all information, not just parts of it. This is not different from other areas of a business.
Do you want to hear more from Søren Egede and NIS2?
Join the Industrial Security Conference the 13 -15 September and hear the NIS 2 panel discussion with Søren Egede among others. Read more about the conference and sign up today.