I help global manufacturing enterprises manage cybersecurity risk in environments where downtime means safety incidents and production losses.
What I Do
Information Security Management • Cybersecurity Governance • Risk Management • IT/OT Security • Enterprise ISMS
15+ years specialising in information security and cybersecurity governance at enterprise scale across international manufacturing operations.
Featured Content
📝 Latest from the Blog
Control Frameworks Built Backwards Most organisations start with standardised control catalogues and work backwards to justify coverage. Few start with business context, threat landscape, and actual vulnerabilities to determine which controls reduce risk and which waste resources. 20 January 2026
You Can Outsource the Work, But Never the Accountability A Norwegian court case delivers a €5.6 million lesson on business continuity, supplier management, and why manufacturing executives can’t outsource operational accountability. 16 January 2026
Governance That Actually Governs Most security governance is theater - committees that rubber-stamp, decisions that decide nothing, metrics that measure activity not outcomes. Here’s how to build governance that actually works. 15 January 2026
Root Cause Analysis: The Hidden Risk Decisions We Never Knew We Made What if the hardest root causes to analyze are those buried in risk decisions we never understood we were making? Most cybersecurity incidents trace back to implicit risk acceptances hidden in everyday business choices. 14 January 2026
💼 Portfolio Highlights
System Security Concepts Article Series (7 articles, ~19,000 words) Comprehensive guidance on implementing systematic security documentation within ISMS frameworks. Covers everything from foundational concepts to practical implementation templates.
- The Foundation of Security Governance - What security concepts are, stakeholder perspectives, and early planning principles
- Core Components - How architectural choices transform threats across SaaS, cloud, and on-premise environments
- Control Selection and Security Frameworks - Proportionate response using ISO 27001/27002, NIST, IEC 62443, and CIS Controls
Target audiences: CISOs, Security Directors, Enterprise Architects, Security Architects
🔬 Research & Publications
Technical writing and analysis on security frameworks and risk quantification.
Get in Touch
- Email: sv@eikrem.org
- LinkedIn: linkedin.com/in/stene-6187aa7
- Mastodon: @StoreSteinen@infosec.space
- Bluesky: @storesteinen.bsky.social
This site is built with Quartz and published under CC BY 4.0.