At InfoTeam International we pride ourselves on producing informative, client-led events that add real value to those attending. Having successfully launched last year, we caught up with one of our delegates to find out more about them and understand what they believe the InfoTeam conferences bring to the industry.
Bjørn R. Watne has almost two decades of professional experience working within the Information Security industry and is currently employed as CISO for the Storebrand Group – delivering services within banking and insurance for the Scandinavian market. He attended our CISO event in Norway in February and we’re delighted he was willing to give us his thoughts after attending.
Bjørn, first of all can we ask you what value you believe you and other executives can gain from
attending this sort of event?
Firstly, I believe that the best way for all of us to become better at what we do is to share our
experiences with each other. It's well versed in the Financial Services Industry that "we don't
compete on security", and that the industry as a whole benefits from us collectively becoming more
digitally secure and trustworthy as one.
The sharing of experience and learning from each other is definitely the big value here. People in our
role can be quite ‘alone’ in big corporations, and CISOs get a lot of value out of speaking with other
CISOs and other C-Suite Executives at events like these. At least I know I do!
The second thing is that, for many people, information security is seen as somewhat of a black hole.
It will continue to be so unless we tell others about the challenges we face, how we overcome them
and the benefits everyone gets from doing so.
I believe that contributing to and speaking at events like the ones hosted by InfoTeam in Oslo
helps to remove the veil covering our industry, and makes it more apparent to the public in general all
the good stuff that's happening behind the curtains.
Moving onto the InfoTeam event in Oslo specifically and the well-received panel discussion, what
were your thoughts on the conversation, surrounding the evolution of the CISO role?
It's a very interesting topic, and one that will be ever-present, I think. Go 10 years back and every
head of security was a person with a background from either law enforcement or military service,
and it was all about locked doors and red tape.
If you look at Charles Darwin and his theory of evolution and the "survival of the fittest", we can draw
a direct parallel to that of the role of the CISO. If we fail to modernise our security strategy along with
the business strategy, then in the longer run we will become extinct. The panel was there to discuss
some of the issues we are currently facing, and in 3-5 years from now we could have the same topics still,
yet be discussing totally different issues.
And how about the rest of the event, what were the key debates and points of interest for you?
I really enjoyed the question we discussed in the panel when we were talking about whether we were
really changing our digital strategy, or whether we were just changing the tools and approach, whilst
sticking to the same strategy. The fact that we managed to move the discussion from the previous
approach of ‘protect and defend’ to the future ‘detect and respond’ was really interesting and
something I think everybody got a kick out of, judging from the increased participation from the
room that followed this topic.
Overall, what would you say was the most important thing learned at CISO Norway?
Events like these are great to measure whether one is on the right track and focusing on the right
things. During the event I got lots of confirmation that what I'm doing are the right things.
Also, like I previously mentioned, the fact that looking ahead at a more detect and respond approach
to threats would probably improve my work even further, made that a really interesting topic to
investigate in depth.
What makes an InfoTeam event different to other CISO conferences and events?
What's good with the InfoTeam events is that you get a smaller group of people gathered, meaning
that there is more time to discuss challenges and ideas between you and your peers, and fewer one-
to-many presentations being presented from the stage.
You're also good at bringing together the right mix of profiles and competence, and I like the layout
of the program that is a panel debate, case study led – with vendor insight. It always leaves room for
Based on what you experienced, who do you believe should attend these select, regional events?
Any CIO, a CISO or a CDO – essentially anyone who fits the profile of whom the event is targeted. But,
to get the most out of gatherings like this it's always important to bring the right mix of people with
the right experience and competence, so that everyone present has the opportunity to learn
something from each other.
I would attend another event, and it was a bonus that it was more or less “after hours”. It makes it
easier to combine with the busy daytime schedule that is the regular life of most CISOs!
Onto more general subject matters, can we ask you what you are responsible for as a CISO and what
you believe makes you successful?
I'm responsible for protecting the integrity, confidentiality and availability of information and
information systems owned or managed by the Storebrand Group. This is done to the appropriate
levels in accordance with the risk appetite agreed upon by the CEO and the Board of Directors.
There are two things I think are important in order to be successful in what a CISO does. The first is
perhaps what is most important and our baseline, and that is being dependable. You must always
deliver – on time – and within or above expectation as the role is so critical to the company’s risk
Once that is established it's all about taking the lead or differentiating yourself from the rest. Go the
extra mile, pull the extra weight. If you can you will be noticed and, as long as the baseline has been
delivered too, you will then advance. This I believe is true for whatever it is you may be doing in life.
If there was a secret weapon one could employ in addition to this, I'd say mind your colleagues.
People work with people, and if you thrive to be a nice and likeable person – people will like you in
return. And I think everyone agrees that they prefer working with or for someone they like rather
than the opposite. Never underestimate the human touch.
You’ve alluded to the fact it’s a heavily time-demanding role, how do you manage that time and
deal with the pressure that comes your way being a CISO?
Would it be fair to say stay single and don't have children?! No, I didn't think so!
Jokes aside I think it's important to not make a bigger deal out of things than what they are. People
in general have a way of overreacting to most situations when the best solution is to stay calm.
Apart from having a fact-based and reasonable approach to things I tend to try and learn from the
past and focus on the long-term. There is a children's song in Norway that goes something like "You'll
have a new day tomorrow, white and clean. And you'll be given crayons of any colour so you can
paint it however you like, and correct any mistakes you might have made the day before."
Underlying this pretty picture is the fact that one should focus on what's ahead rather than what
went wrong. Mistakes will always be made – that's not the issue – the issue is whether we learn from
them and continuously improve.
And finally, do you have any advice for future CISOs?
Learn the business language! As a CISO you're becoming an increasingly important strategic asset to
the company, and your job is always to support the business more than it is doing security for the
sake of security. A successful CISO will be the one that allows him or herself to take risk, as there will
always be risks involved in making a profit. No risk – no reward. The technical background and
technical know-how is important both to know on what base you make your decisions, but also to
have sufficient credibility with your more technical employees so never the importance of that
baseline – but if you really want to succeed in your mission from strategic, via tactical to operational
level – you need to build on that technical platform with some business savviness.
Our thanks once again to Bjørn for his time.
Prior to joining the financial sector, Watne held numerous positions within telecoms as well as
working as a consultant with different industries.
Bjørn attained his BSc in Computer Science from Agder University in Norway, and an MBA from ESCP
in Paris, France. His professional certifications include CISSP and ISSMP from (ISC)², and CISA, CISM,
CRISC and CGEIT from ISACA, where he currently sits as Immediate Past President, and Director of
International Relations for the Norway chapter.