196 Countries, One CISO
Most security leaders spend their careers building programs in the private sector—strong compensation, clear organizational lines, and at least some degree of control over the stakeholder map. Occasionally, someone makes a different call. Bjørn Watne left senior CISO roles at Telenor and Storebrand—two of Scandinavia’s most recognized institutions—to take on one of the most complex security mandates on the planet: Global CISO of INTERPOL, the international law enforcement organization supporting 196 member nations in the fight against transnational crime. In this conversation with Navroop Mitter, Bjørn explores what that decision looked like up close—the mission that drew him in, the trade-offs he accepted, and what you learn about security leadership when your stakeholder map includes sovereign governments that may not always see eye to eye, some of whom are actively sanctioning each other.
- The pull was the mission. INTERPOL’s mandate is to empower and connect law enforcement agencies globally to fight organized crime. Bjørn has traveled to every corner of the world and seen firsthand what hideous crime looks like—environmental destruction, illegal mining camps, human trafficking, exploitation of the weak. The ability to be part of coordinating law enforcement on a global scale to combat these crimes made the decision easy.
- This is not where you go for a big salary. The compensation required adjustment—renting out apartments, renting new ones, and making financial compromises. But that was an easy trade-off for the privilege of serving a few years with INTERPOL. The downside: the food and beverage culture in Lyon is a challenge for the waistline.
- 140 nationalities under one roof. INTERPOL is not a large organization by headcount, but it employs more than 140 nationalities. Bjørn’s previous team at Telenor had 12–15 nationalities; 140 is something completely different. Going to lunch was like entering a World Cup. The truly international environment was a genuine surprise in the first months.
- No GDPR. No DORA. No regulatory leverage. INTERPOL, as an international organization, enjoys partial immunity from regulations like GDPR and DORA—the frameworks CISOs in the private sector use as leverage for budget and attention. Bjørn’s first thought: “What am I going to use as leverage now?” The answer: customer requirements. The 196 member countries are the customers, and their requirements—and the risks to delivering on those requirements—become the guiding framework.
- The CISO role keeps evolving: technologist → business leader → lawyer → politician. Bjørn started as a security analyst 25 years ago, then became a technologist, then completed an MBA, and became a business leader bridging security with business outcomes. Financial services require becoming a lawyer to navigate regulatory compliance. Now, at INTERPOL, the role requires becoming a politician—navigating 196 member countries who do not always see eye to eye, while remaining on good terms with all of them.
- Some member countries sanction other member countries, and that shows up in procurement. If Bjørn wanted to procure threat intelligence software that profiles nation-state threat actors, he could not—because some member countries have sanctions against other member countries that are also members. Even though INTERPOL itself is independent and not sanctioned, certain technologies become unusable because of the membership dynamics.
- The workarounds: don’t adopt, build in-house, or find neutral ground. Some technologies simply cannot be used. Others get built internally. And some technologies come from countries where no strong sanctions exist—allowing adoption without stepping on anyone’s toes. INTERPOL also maintains extensive private partnerships to access capabilities it cannot build alone.
- The prime adversary changes with the domain. In financial services, opportunistic criminals were everywhere—anyone with a keyboard and bad intentions chasing money. In telecoms, advanced persistent threats and nation-state espionage targeted information about who is speaking to whom. In law enforcement, the adversaries are the organized crime groups INTERPOL is trying to stop—groups very interested in what INTERPOL knows and how it operates, so they can stay a horse’s head ahead instead of behind.
- Law enforcement officers are on the same side, regardless of geopolitics. Police officers and law enforcement agents share the same mindset and mission: protect and serve. Even when their countries’ political leadership has disagreements, the mission to fight organized crime aligns. No government appreciates having organized crime operating in their society—criminals break down trust in institutions and sabotage government efforts to make things run smoothly. It is like cleaning your lawn.
- INTERPOL’s constitution requires 100% political, racial, and religious independence. Whenever there is a whiff of conflict of interest in those domains, INTERPOL pulls back—that would be outside its mandate and its will to operate. Nation-state conflicts—whether kinetic or digital—are matters between those two nation-states, not within law enforcement’s purview.
- The number one thing private sector practitioners miss: they forget INTERPOL exists. Public-private partnerships need to be enforced, encouraged, and worked on. Bjørn admits he was guilty of this himself in the private sector. If an organization has a problem with cybercrime, INTERPOL may already have information about similar issues elsewhere in the world. But if INTERPOL does not receive the information, there is no way to understand that the problem exists.
- Build relationships before you need them. Just like the FBI encourages private sector practitioners to develop relationships with field offices before a crisis, INTERPOL is working to build those connections. The Gateway Initiative is one example—actively seeking collaborators to share threat intelligence in both directions. It is a challenging environment to navigate, given sanctions and restrictions, but the work is underway.
- Exercise more—and not just physically. Organizations need to build resilience by assuming a breach. It is fine to have things on paper, but until you have actively rehearsed and tried them out, you will not know whether they work in real life. You can have an assumption—but you cannot know it.
- Step out of your comfort zone. Moving from the private sector to law enforcement in an international organization has been rewarding, fun, and educational. Doing something different strengthens your profile, broadens your perspective, and makes you a more interesting person in the next round. Doing the same thing day in and day out keeps you in a steady state—it does not move you in any direction.
Navroop Mitter:
[00.00.02.23–00.00.29.17]
Hello, this is Navroop Mitter, founder of ArmorText. I’m delighted to welcome you to this episode of the Lock & Key Lounge, where we bring you the smartest minds from legal, government, tech, and critical infrastructure to talk about groundbreaking ideas that you can apply now to strengthen your cybersecurity program and collectively keep us all safer. You can find all of our podcasts on our site, ArmorText.com, and listen to them on your favorite streaming channels.
Navroop:
[00.00.29.19–00.00.52.05]
Be sure to give us feedback. Most security leaders spend their careers building out programs in the private sector. Strong compensation, clear organizational lines, and at least some degree of control over the stakeholder map. Occasionally, someone makes a call that’s quite different. Today’s guest left that world behind to take on one of the most complex security mandates on the planet.
Navroop:
[00.00.52.07–00.01.18.08]
He became the global CISO of INTERPOL, the international law enforcement organization supporting 196 member nations in the fight against transnational crime. We’re going to explore what that decision looked like up close, the why, the trade-offs, and what you learn about security leadership when your stakeholder map includes sovereign governments that may not always see eye to eye. So I am very delighted to welcome one of my friends, Bjørn Watne, to the Lock & Key Lounge.
Bjørn Watne:
[00.01.18.13–00.01.28.15]
Thank you, Navroop, for having me. It’s great to be here, and I know we’ve been working for some weeks to get this meeting together, so, very happy that we found the time.
Navroop:
[00.01.28.17–00.01.37.18]
Yeah, myself as well, and I, I love the fact that you just came off a vacation. So hopefully you’re as relaxed as possible as we, as we tape this episode.
Bjørn:
[00.01.37.21–00.01.40.03]
Yeah. Great. Go there. Yeah. Where you’re at.
Navroop:
[00.01.40.05–00.02.00.21]
For those of you who aren’t familiar with Bjørn yet, Bjørn Watne is the global chief information security officer at INTERPOL, the world’s largest international law enforcement organization. His mandate includes all the efforts to protect the data of the 196 member countries. INTERPOL is based in Lyon, France. And he stepped into that role in July of 2025.
Navroop:
[00.02.00.23–00.02.31.13]
Bjørn built his security leadership credentials at some of Scandinavia’s most recognized institutions. At Telenor, one of the world’s largest telecommunications groups, he held senior security roles spanning operations across multiple countries. At Storebrand, a leading Nordic financial services group, he brought that operational depth to bear in a regulated, high-stakes financial environment. He has also served on the boards and advisory committees of several companies across Europe, including a period as an associate partner and chairman of the advisory board at Tagore.
Navroop:
[00.02.31.13–00.02.55.20]
He was advising organizations on security strategy, governance, and risk management. Bjørn has been a vocal advocate for broadening who enters the security profession. He has argued publicly that cybersecurity needs not just more technical talent, but communicators, strategic thinkers, and leaders who can bridge security and business. And I believe that’s a philosophy he now applies at one of the most consequential security posts in the world.
Navroop:
[00.02.56.00–00.03.17.05]
So for today’s topic, as we mentioned, we’re going to be looking at Bjørn’s career path, but I want to add a little bit more context, given kind of the geopolitical tensions that have been taking place. Right? In a recent episode, we explored what the impact of rising geopolitical tensions in 2026 has meant for corporate boards, specifically whether or not governance structures are keeping pace with the threat environment.
Navroop:
[00.03.17.07–00.03.36.03]
So today, we’re going to be looking at some of that from a slightly different direction upstream, in a sense, and into the institution that sits at the center of international law enforcement’s response to that same threat landscape. Bjørn’s path to INTERPOL raises questions that don’t get asked too often in this industry. What does it mean to lead security when your mandate is truly global?
Navroop:
[00.03.36.05–00.04.08.02]
What does crossing from the private sector into international law enforcement actually require? And what can practitioners everywhere learn from someone who now sits at the intersection of geopolitics, sovereignty, and cybercrime? And so we’re going to move through that decision that brought him here, what the job actually looks like at that scale. With 196 member nations, the current geopolitical environment is shaping international collaboration, particularly around cybercrime, and what CISOs and IR practitioners should understand about how to work effectively with international law enforcement, if and when they need to.
Navroop:
[00.04.08.05–00.04.26.21]
And so with that said, let’s start by looking at your time at Telenor and Storebrand. These are names that open doors in the security world. They’re serious brands. They’ve got serious programs, serious scale. But right after that, you go to INTERPOL, which admittedly is also a recognizable name, though perhaps for slightly different reasons. You know what?
Navroop:
[00.04.26.21–00.04.31.00]
What drew you in? What was the actual pull? What made you say yes to taking on this mission?
Bjørn:
[00.04.31.01–00.05.02.18]
Yeah, it’s a very good question. And first of all, I would say that I am privileged. I feel privileged to be here because it is really a unique opportunity. We are the largest international organization in the world with 196 member countries. And, for me, the pull is definitely the mission that our job, our mandate, is to empower and connect law enforcement agencies globally to fight organized crime.
Bjørn:
[00.05.02.18–00.05.38.08]
And I’m an avid traveler on a private level as well. So I’ve been to every corner of the world, and I’ve seen, firsthand, different hideous types of crime. It could be anything from an environmental crime, destruction of forests, illegal mining camps, to human trafficking, exploitation of the weak people in society. And the mandate and the role that INTERPOL, this organization, plays in coordinating law enforcement on a global scale to combat these hideous types of crime.
Bjørn:
[00.05.38.12–00.06.03.20]
Well, that’s a very important mission. And, the ability to be a part of that, I think, is very motivating, at least for me. So when this opportunity came along, and it wasn’t a given, typically this position, I’m the third CISO for INTERPOL, since its inception over 100 years ago. So when this opportunity came along, I took a chance, and I applied for it, and,
Bjørn:
[00.06.03.23–00.06.23.19]
Yeah, it was it was there something unique, and I think a very important mission to be a part of, obviously, at the time I’ve, I’ve been, as you mentioned, CISO in the private sector for, for ten years as well. So, so I sort of felt that even though the mission is never complete, as I say. So there are opportunities to, to broaden your horizons and to learn more.
Bjørn:
[00.06.23.19–00.06.33.12]
So, yeah, I just felt that when I got this opportunity, which is quite unique, supporting this very important mission, it was an easy decision for me.
Navroop:
[00.06.33.16–00.06.49.10]
Yeah. Look, it definitely sounds like an amazing opportunity, one I think many, if not all, would find it hard to turn down. But like any such amazing opportunity, there must have been some trade-offs, right? And a lot of wondering, what did those look like? Right. What did you have to give up? Not just professionally, but personally.
Navroop:
[00.06.49.10–00.06.58.12]
Right. Because now you’re based in Lyon, but Norway is home. Was that carcass clear at the time, or did it only make sense in hindsight? What’s changed?
Bjørn:
[00.06.58.15–00.07.18.08]
Yeah, well, a lot has changed. I would say that for me, moving to another country hasn’t been as big of a change, because in my previous roles, I was also working globally. So I travel a lot. And even on the private level, I travel a lot. So, I have family spread across the globe as well.
Bjørn:
[00.07.18.08–00.07.41.02]
So. So I’m quite, familiar with, with, with the outside world, so to see outside of Norway. But there were a couple of trade-offs. You mentioned it in the, in the opening that this is not where you go for a big salary. So, so that had to be adjusted. I had to make some compromise with, renting out the apartments while, while renting a new one, and things like this.
Bjørn:
[00.07.41.02–00.08.06.19]
But again, that was an easy trade-off for the privilege of being allowed to serve a few years with INTERPOL. I would say that the benefits, though, greatly outweigh the negatives. If I were to mention one negative is that the food and beverage culture in France generally and in Lyon especially is a challenge for the, for the weight.
Bjørn:
[00.08.06.19–00.08.26.14]
So, I need to exercise a lot more than I do. And I thought, but, but yeah, knowing, in general, I found it very easy to accommodate France as a new base of operation. And again, I travel a lot, in my profession, even in my previous job. So wherever I lie, my head is home.
Navroop:
[00.08.26.19–00.08.38.05]
I love it. Well, weight challenges notwithstanding, what were the other surprises that happened in the first few months? Right. Was there anything you thought you understood about the role going in that turned out to be quite different in practice?
Bjørn:
[00.08.38.05–00.09.05.07]
Yeah, I would say the intersectionality of the organization. We are not that many employees directly under the INTERPOL umbrella, but we have more than 140 nationalities employed. And in my previous job with Telenor, there were many nationalities as well. I think we were 12–15 on my immediate team. But 140 is something completely different.
Bjørn:
[00.09.05.07–00.09.31.04]
And just to go for lunch was like entering a World Cup or something. So that was a real surprise. In my first months to see how truly international the environment was and, and my colleagues and also I was surprised with how the international organization element fits in, as you mentioned, my, my, my previous career was in very regulated industries.
Bjørn:
[00.09.31.06–00.09.57.18]
Critical infrastructure, financial services. And I’m very used to being compliant with different rules and regulations. INTERPOL, as an international organization, enjoys partial immunity, and we enjoy immunity from regulations like this, too, like GDPR, like DORA, like all of these things that CISOs in the private sector struggled with. So that was a surprise for me.
Bjørn:
[00.09.58.00–00.10.11.10]
And, and I was I remember thinking, but what am I going to use as leverage now that we don’t need to be compliant with GDPR? So, so, so, yeah, it’s a different challenge. And definitely interesting.
Navroop:
[00.10.11.15–00.10.32.18]
That is interesting, though. You’re joining an organization that, you know, has 196 member countries, you intellectually, I guess, you knew that there were going to be team members from all around the world, probably a majority of those in terms of 140. But I guess you’re right there. Almost nothing would actually prepare you for how an international experience would truly be on a day-to-day basis.
Navroop:
[00.10.32.20–00.10.52.19]
You’ve never worked in an environment like that. That’s interesting. I’d love to dig in a little bit more on that. On that. So you said when it came to the compliance frameworks, you no longer had the bulk of those available to the users. There’s kind of a guiding light in terms of your own operations. What do you actually use that is what actually does guide how you approach things?
Bjørn:
[00.10.53.00–00.11.16.21]
Well, that would be quite similar to the private sector. I would say the customer is always right. And INTERPOL, as an organization, we also have our customers. In our case, the customers will be the 196 member countries. So my argument, my sort of guideline, when I draw the strategies, would be what is it that our customers require from us?
Bjørn:
[00.11.16.23–00.11.51.22]
What is important that we deliver to them, and what risks are these deliveries faced with? And then prioritize accordingly. For many CISOs in the private sector, fighting for budgets, and for attention, would be easily backed by leaning on regulatory frameworks and potential fines. That I cannot do here. But, it’s still very relevant to use the deliveries that we are obliged to make to our member countries and highlight the risks.
Bjørn:
[00.11.51.23–00.11.53.02]
That these are operational.
Navroop:
[00.11.53.02–00.12.03.05]
So, for anyone who would love to be free of all the regulatory requirements put on them, be careful what you wish for; you might wind up with 196 customers giving you their own independent requirements.
Bjørn:
[00.12.03.09–00.12.26.08]
Yeah, it’s, it’s not like the Wild West there either. We have, we have our own constitution, and we have the rules, INTERPOL’s rules for processing of data. That sort of would be our guideline. And these rules are, and the Constitution is approved by the General Assembly, and they are sort of the governing principles and our regulatory requirements.
Bjørn:
[00.12.26.08–00.12.34.11]
So it’s not the carte blanche to do whatever you want. We still need to sort of be within the risk acceptance and the agreed requirements.
Navroop:
[00.12.34.14–00.12.49.13]
So now with 196 member nations, what changes about the data and the mechanics of security leadership? I mean, when you’ve got responsibilities at scale, I imagine things despite the scale you had to Telenor are still quite different.
Bjørn:
[00.12.49.18–00.13.18.04]
Yeah. I, you can say that. And, I would say my role as CISO has really evolved through my different appointments. When I started my career, 25 years ago, it was as a technician. I was an engineer in computer science, and I started working as a security analyst. And so many years I was a technologist, and that is also who I was when I went into my first CISO role.
Bjørn:
[00.13.18.08–00.13.50.20]
Just before taking that role, I completed my MBA. So I had more insight into the business acumen, business strategy. And I sort of built my philosophy as a CISO on bridging business outcome with security and risk management, which is much of the reason that you will succeed as a CISO. So I would say, but coming into into financial services, then I realized that it’s not just enough to be a, technologist and a, and a business leader.
Bjørn:
[00.13.50.22–00.14.13.03]
Now I have to be a lawyer as well, because there are so many regulatory requirements. And then you had the GDPR coming, and it wasn’t so much a question of risk management anymore. It was of compliance with laws and regulations. So I had to go from deep technology business leader to a lawyer, and now it’s changing again.
Bjørn:
[00.14.13.05–00.14.34.19]
And I need to go into politics because now we are dealing with, as you mentioned, 196 member countries who don’t always see eye to eye on everything, but we still need to be there to empower them, connect them, and coordinate. And, for us to be able to do so, we need to be on good terms with all of them.
Bjørn:
[00.14.34.19–00.14.49.02]
So the role changes. Again, statement to politics, and that is also something that I find very, very rewarding with, with, making the move to, to this organization that I’m still learning and I’m still developing as a professional.
Navroop:
[00.14.49.07–00.15.10.19]
I mean, politics sounds like the last thing I would want to deal with on a daily basis, but I imagine it goes beyond politics or something. You mentioned when we had lunch in Lyon a couple of months ago. We were discussing, you know, the fact that your membership of 196 countries actually actively includes nations that are sanctioned by other member countries.
Navroop:
[00.15.10.21–00.15.34.11]
I can’t think of another place where you’ve got a customer base that is actively sanctioning each other, potentially. Right. And these are folks who have different legal systems. They’ve got different types of relative frameworks. They at times, have competing interests. So, that political reality, it must show up in quite a different way. Right. It’s, it’s how does that show up in something seemingly practical like software or SaaS procurement decisions?
Bjørn:
[00.15.34.14–00.16.05.21]
Yeah. It is a very interesting question. And you are right that it does pose some challenges. We at INTERPOL, we are not a country. We’re not a nation-state. We’re independent, so we aren’t sanctioned. But you are right that if I were to procure software or service, for example, that would go deep into threat intelligence or profiling of US threat actor groups that could include nation states.
Bjørn:
[00.16.05.21–00.16.26.19]
I would not be able to do so because some of our member countries, with these technologies being developed, would impose sanctions on other member countries that are also member countries. So, which means that even though we are independent and we are not sanctioned, we can’t use that technology based on that. We have memberships, where they have sanctions against each other.
Bjørn:
[00.16.26.19–00.16.46.07]
So there are some challenges like this that I would never face in the private sector, but we need to work with what we have. And if I look at my peers, my colleagues in member countries, we are all sort of on the same team, police officers, law enforcement. We are on the same team.
Bjørn:
[00.16.46.12–00.17.22.03]
Even though the different countries’ political leadership might have disagreements, our mission is to protect and serve. I have to say this, and that is, that there is something that I find we are able to work with, even though there are broader conflicts around. But but you’re right. There are definitely challenges around procurement, certain technologies that we cannot sort of implement, etc., but yeah, that’s a part of the challenge and a part of the learnings and a part of the reason that this is a very interesting position.
Navroop:
[00.17.22.04–00.17.44.01]
I mean, but how do you solve for that then? Do you simply not adopt certain types of leading-edge technologies, or do you homegrown your own solutions? Or do you look for one of the member countries that is friendly with everyone, like the Switzerland of space, and then use only technologies developed in Switzerland?
Bjørn:
[00.17.44.04–00.18.05.01]
All of the above, I would say. The second thing is we don’t have the option of applying, and then we do a lot of work, internally as well. We have a lot of private partnerships. Obviously, as I said, we are a small, not a large organization by ourselves, but we have a lot of partners and collaborators in the private space.
Bjørn:
[00.18.05.01–00.18.32.00]
So, we do work with a lot of very smart people and a lot of companies across the world. But, yeah, you get the examples yourselves. Some technology we cannot use. Others we, we implement in-house. And then you find there are certain countries where there are no strong sanctions imposed, where we can adopt technology that’s available for use everywhere without stepping on any toes.
Navroop:
[00.18.32.02–00.18.44.10]
Looking beyond the politics, what security concerns look fundamentally different on this side of the line? What are you managing now that has no real equivalent on the private sector side? You know, Telenor or Storebrand.
Bjørn:
[00.18.44.12–00.19.07.03]
Yeah. Well, I would say it’s the prime adversary that would change, with the industry. So when I was in financial services, there would be opportunistic criminals around every corner because we were moving money, we would have anyone with a keyboard and bad intentions chasing us and our customers to make a quick buck.
Bjørn:
[00.19.07.07–00.19.41.23]
When I was in telecoms, and we didn’t hold any money, but we held information. So where are people moving around who are speaking to. What are they speaking about? This is information that is typically advanced persistent threat actors, nation states, and espionage. They would be interested in keeping an eye on political dissidents and whatnot. So we were trying to prevent these threat actors from getting to the data, and how you prevent those compared to the opportunistic script kiddies.
Bjørn:
[00.19.42.01–00.20.05.10]
It’s a very different discipline. And now, again, with law enforcement, we still do not hold money. We do not sit on the same data as a telco would. But our adversaries would be the organized crime groups that we are trying to stop. They would be very interested in what we know and how we operate.
Bjørn:
[00.20.05.12–00.20.26.11]
And, so they can be sort of a horse’s head ahead of us instead of the opposite. So. So the adversaries change. But I would say that cyber criminals, they are present both in my new domain and also in my previous domains. So it’s not that big of a challenge. It’s just that the picture of the prime adversary changes a little bit.
Navroop:
[00.20.26.16–00.20.49.13]
Switching gears to the geopolitics that we mentioned at the start of the episode, we had an episode not too long back with Christopher Hetner of the National Association of Corporate Directors, who also serves on the advisory board through the Nasdaq to corporate boards in cybersecurity. And we were exploring what rising geopolitical tensions have meant for corporate boards and their governance frameworks.
Navroop:
[00.20.49.15–00.21.03.22]
You now sit somewhere quite different in that picture. So, from where you sit today, leading security for an international law enforcement body, how has that current geopolitical environment shaped the nature of collaboration among member nations on cybercrime?
Bjørn:
[00.21.04.00–00.21.37.11]
Yeah, I yeah, I touched on that a little bit in, in the in the previous answer, when I said that law enforcement agents, we are all on the same side. So even if we are from different countries, we would have the same mindset, and we would have the same mission. So it’s, it’s interesting to observe because I’m still very much a part of the global CISO infosec community, and I’m being invited to speak at a lot of events, and especially in Europe around sovereignty, which is a big thing in Europe right now.
Bjørn:
[00.21.37.13–00.21.58.00]
But I cannot because I’m independent, and I’m politically completely independent. And, I don’t have an opinion on that matter, at least from the current hat. So, but yeah, I, I live in the same world, so I see the same things. But working for INTERPOL, we are very focused on the mission, and that is fighting international crime.
Bjørn:
[00.21.58.04–00.22.28.20]
And you can ask any government in any country whether or not they appreciate having organized crime working in their society. And the answer will be no. Countries around the world spend billions on infrastructure, in digital platforms, and whatnot, and criminals are typically breaking down the trust in these institutions, in this infrastructure. So they’re sabotaging the government’s work to make things run smoothly.
Bjørn:
[00.22.28.22–00.22.50.05]
So they want them out. It’s like cleaning your lawn. So even though the geopolitical tensions are rising, we see there are many forms of collaborations that are difficult, not so much in law enforcement, not so much in chasing the organized criminals, because they are a thorn in the eye of any government in any country.
Bjørn:
[00.22.50.07–00.22.56.14]
And, yeah, we are still very much one team, the law enforcement officers, and we’re on the same side.
Navroop:
[00.22.56.17–00.23.20.12]
That is interesting. I had actually imagined that there would be cases where, you know, an organized crime group operating out of one country that isn’t necessarily victimizing their own country, but is victimizing the, you know, the countries of, of, say, someone who is actually sanctioned to their own country, where law enforcement then might actually be a little less cooperative, where the organized crime group is based out of because they didn’t hurt us.
Navroop:
[00.23.20.12–00.23.27.08]
Those hurt the guy we don’t like. You’re saying law enforcement’s largely on the same side, even when that happens.
Bjørn:
[00.23.27.10–00.24.03.07]
Yeah, well, there will always be some exceptions and some gray areas, but it’s also very important to understand that our adversaries and our mandate are around organized crime. International crime groups. And while a country might say that another country are criminals, that is between those two countries to sort out, there are currently a lot of conflicts going on in the world, both kinetic but also digital, hybrid warfare, that this question comes up before that.
Bjørn:
[00.24.03.11–00.24.25.10]
But how can you if country A is that can come to be in cyberspace? How can they then say, well, you know, that is a matter between those two nation-states. And that is if it’s in the air, if it’s in the water, if it’s on the ground, if it’s in cyberspace, that is a different domain of conflict than what INTERPOL and law enforcement are concerned about.
Bjørn:
[00.24.25.12–00.24.48.07]
You can see that even in every country, to have a military and to have a police force, we are not the military. We are an international law enforcement agency. So there will be gray areas. There will be locations where we need to think and give a second thought. But our Constitution says that we should be politically, racially, and religiously 100% independent.
Bjørn:
[00.24.48.09–00.24.57.00]
And, whenever there is a whiff of a conflict of interest in that domain, we will pull back, because that will not be within our mandate or within our will to operate.
Navroop:
[00.24.57.04–00.25.18.17]
So let’s switch to advice that you might actually have for, you know, those who are still in the private sector, right? For the CSOs, the internal investigations teams, and or IR practitioners who are listening to our podcast, what’s the one thing most of them consistently miss about how to engage with international law enforcement effectively? If and when they need to?
Bjørn:
[00.25.18.19–00.25.45.01]
I would say the big one here is that they forget that we exist, and public-private partnerships or relationships need to be enforced. They need to be encouraged, and they need to be worked on. And I say that this is coming from the private sector. Well, I was actively speaking against this, this rule myself. But I can understand because it’s maybe it’s our fault as well that we are being a little bit anonymous.
Bjørn:
[00.25.45.01–00.26.09.15]
We are a little bit behind the scenes. So maybe we should interact more with the private sector. And at least I’m trying to be out there and let people know that we exist. Because if you have a problem as a private organization with cybercrime or a cyber-enabled crime, maybe we sit on information about someone with the same issues or, or we have seen that this is an issue in another part of the world.
Bjørn:
[00.26.09.15–00.26.31.02]
And if we get the information, we can act on it. But if we don’t get the information, there is no way for us to understand that the problem exists. So I think it’s important for the private sector to actively reach out more. I know from the fact that it can seem futile that you try to reach out and you get no response, but it’s a two-way thing.
Bjørn:
[00.26.31.04–00.26.47.04]
So we need to react as well. Again, we’re on the same side. We have the same outcome in mind. So yeah, remember that we are here and actually try to reach out. That’s what I would say is the number one advice that I would give my previous self. You know.
Navroop:
[00.26.47.04–00.27.19.13]
It’s interesting here in the States, the Department of Homeland Security and their input or their Office of Intelligence and Analysis, they will host these events all around the country. And oftentimes the invited speakers are, you know, part of the FBI or another local law enforcement agency or, you know, security practitioners who aren’t necessarily private vendors. And so the government folks there, particularly the FBI, are always talking about the need to develop these relationships with their offices.
Navroop:
[00.27.19.15–00.27.41.21]
Now, before you actually need them. So you’re not starting from scratch. What it matters, I’m wondering, is there a similar type of initiative that INTERPOL is doing to try to get the private sector to build those relationships now? So they have the ability just because I only call someone? I mean, I actually have multiple FBI agents’ cards on my desk here right now that I’ve met throughout those DHS on events.
Navroop:
[00.27.41.23–00.27.53.04]
And they’ve all said, you know, call at a moment’s notice, right? We’ve established rapport already. We’ve built some trust. You can dialog, and I’ve got their cell phone numbers here. Is there anything like that INTERPOL is either doing or starting up?
Bjørn:
[00.27.53.06–00.28.22.21]
It’s absolutely. And we realized, as I mentioned earlier in the conversation, that while we have a few bright minds in our organization, there are a lot more outside there in, in, in the rest of the world. So, so we are starting or we have started initiatives like the, the Gateway Initiative, where we actively look for collaborators to join us in sharing threat intelligence, for example, which goes both ways in terms of the, of, the partnership.
Bjørn:
[00.28.22.23–00.28.55.12]
So, we are looking into it. It’s, I wouldn’t say, difficult, but a challenging environment to navigate because, as I mentioned, with certain sanctions being here and there and certain restrictions on, on what level we can collaborate, we need to make some, some choices and set some boundaries. But we do indeed have initiatives both with the private sector, the Gateway Initiative, and definitely also to the different law enforcement agencies, to empower across the globe.
Bjørn:
[00.28.55.12–00.29.00.02]
But could we be even better? Yes, we could, but that’s a work in progress.
Navroop:
[00.29.00.06–00.29.16.23]
Yeah. It sounds like for just like everyone else. Right? It’s all about building those relationships and the processes and the capabilities, and it’s going to be an ongoing effort. During. Before we move to our closing question, I just want to give the floor if there’s anything you’d like to say instead of final words. But then after that, I’ve got a kind of funny question.
Bjørn:
[00.29.16.23–00.29.36.21]
And, yeah, I think we just discussed two things now during this, during this conversation, and, if I were to give an advice to both organizations in the private sector, but also to solo practitioners who have been for a long time in the same role, I would give advice to two organizations.
Bjørn:
[00.29.36.23–00.29.59.03]
I think we need to be better at exercising. That’s a big mantra. So for me, we need to build resilience, assume breach, and it’s fine to have things on paper, but until you have actively rehearsed and tried it out, you won’t know whether it works or not. For real, you can have an assumption, but, but yeah, you can’t know it.
Bjørn:
[00.29.59.03–00.30.27.06]
So, that is an advice that I would give in general to two organizations. As for practitioners, like myself, what I found moving from the private sector to law enforcement and in an international organization is that you always learn and you always develop yourself. And, even though this is different from what I was doing, it feels very rewarding, very fun, and very educational.
Bjørn:
[00.30.27.08–00.30.47.15]
And I would say that stepping out of your comfort zone, doing something different, only strengthens your profile, it broadens your perspective, and makes you a more interesting person in the next round. And even though it doesn’t feel like you’re there, and I have people coming up to me all the time and said at all, for your next tool, you can do whatever you want.
Bjørn:
[00.30.47.15–00.31.05.23]
And, we’ll see about that. But, but I encourage everyone to, to take the leap. And I think that the only way to develop yourself is to challenge yourself and to do something different, because doing the same thing day in and day out is not moving you in any direction. It’s keeping you in a steady state.
Navroop:
[00.31.06.02–00.31.29.09]
On both fronts. I could not agree more. Yeah, I’ll leave it at that. But now onto that, that final question. Then we’re going to go to something a little bit more fun here. So you’ve just led the coordination of a cross-border cybercrime takedown spanning INTERPOL’s full 196-member network. The kind of operation that makes headlines and reminds the adversaries the walls do eventually close in.
Navroop:
[00.31.29.13–00.31.33.01]
What’s in the glass to mark the moment? What are you celebrating with?
Bjørn:
[00.31.33.03–00.31.53.00]
Yeah, that is a funny question. And, yeah, it’s I look at my colleagues in the now in law enforcement, I’ve gauged their behavior for about half a year now. And I would say that, in general, if we’d be, it would be a single malt or a cold beer, that would be like the go-to for most police officers.
Bjørn:
[00.31.53.00–00.32.12.04]
But now I’m in France. And as I mentioned at the beginning of the interview, it’s a lot of good food in France, which is a challenge, but there is also a lot of fantastic wine. So I am in Lyon. I would say that the village Bordeaux wine or some equivalent would, would be the beverage of choice, in the current situation.
Navroop:
[00.32.12.07–00.32.19.03]
Interesting. So, despite law enforcement leaning heavily into single malts, you would go for a nice Bordeaux.
Bjørn:
[00.32.19.05–00.32.32.19]
Okay. Yeah. Bear in mind that I’m, I’m a security practitioner. Being privileged enough to work in a law enforcement agency, I have to indulge and allow myself something in between to say.
Navroop:
[00.32.32.22–00.32.36.04]
I love it. Well, the next time in Lyon, we’re going to have to go out for a drink as well.
Bjørn:
[00.32.36.09–00.32.38.12]
Let’s go for that one. Yes, I’m sure.
Navroop:
[00.32.38.14–00.32.56.17]
Absolutely. We’re going to do it. Well, Bjørn, but I just want to say thank you. I really appreciate you taking the time to come speak with us today. I know this has been a bit difficult to coordinate, but I’m glad we could really make this happen. This was exactly the kind of conversation the Lock & Key Lounge exists for.
Navroop:
[00.32.56.19–00.33.17.08]
One that reminds us that the security field contains paths most people will never think to take. And that some of the most consequential work happening in the space is actually happening far outside the enterprise firewall. So with that said, until next time. Wherever your career takes you, make it count. This is the Lock & Key Lounge.
Matt Calligan:
[00.33.17.10–00.33.50.00]
We really hope you enjoyed this episode of the Lock & Key Lounge. If you’re a cybersecurity expert or you have a unique insight or point of view on the topic, and we know you do, we’d love to hear from you. Please email us at Lounge at ArmorText.com or our website ArmorText.com/podcast. I’m Matt Calligan, Director of Revenue Operations here at ArmorText, inviting you back here next time, where you’ll get live, unenciphered, unfiltered, stirred—never shaken—insights into the latest cybersecurity concepts.