I have attended hundreds, if not thousands, of non-scientific and scientific talks and lectures over the years. And to be frank: a minority was excellent, some were good, most were bad, some were horrible. Naval Ravikant said: “learn to sell, learn to build, if you can do both, you will be unstoppable.” As most of my colleagues and students are great builders, I thought to spend some time on the former. Being a strong communicator is never a bad thing. There are enough geniuses stuck because they cannot sell or communicate their idea.

I recognize that preparation time and…


This essay is part 2 of the short version from the findings in A Systematic Review of Cybersecurity Risks in Higher Education.

Part 1 addressed the study background, assets, and threats. Continuing where we left off, Joachim Ulven and I did a comprehensive literature review of cyberrisks in higher education (HE). The research paper turned out quite long and the results deserve a summary. This essay first summarizes the findings on generic vulnerabilities in HE highlighted in the literature, with a short digression into password security, before presenting a risk analysis of common risks. Furthermore, we discuss some outcomes and consequences…


This essay is a short version of the findings from A Systematic Review of Cybersecurity Risks in Higher Education

Master's student Joachim Ulven called me in late January 2020. I had never spoken to him before, but he told me that his original plans for his master’s thesis had crashed, and he had heard that there might be hopes for an assignment with the digital security section, where I worked at the time. His call came conveniently as we were just getting started with our strategic risk assessment of cybersecurity at the university. He agreed to join us and shape…


I work with risk management in information security. While I am not *that* interested in laws and regulations, they are an important part of the risk landscape. I gave a lecture on the GDPR last week where I dug into the violations and fines issued thus far from the risk management perspective. This essay is a write-up of the analysis I did and contains statistics from 536 fines (issued until 31. January 2021). I look into countries, the number of penalties, sizes, distributions, and violation types/causes.

Privacy principles & Causes of GDPR fines

I will not go into specific GDPR articles in this write-up, but a…


In the spring/summer of 2020, I was the coach for one of the Norwegian teams that took part in the Cyber 9/12 student challenge. This is an annual competition in security management and advisory work for university and university college students. The competition usually takes place in Geneva, but because of this year's corona pandemic it was held over Zoom.

The Norwegian Cyber Chiefs! Photo: Merete Nyheim, NTNU

Read the article on digi.no


Article originally published in Kommunerevisoren no. 6, 2019.

At the time of writing, the documentary Free Solo is available on NRK's online TV service. Free Solo means climbing mountains alone without protection. The film is about the free climber Alex Honnold, who has set his sights on the rock face El Capitan in Yosemite National Park. At 914 meters, El Capitan is a fairly vertical granite face with very difficult climbing conditions. On the surface, what Honnold has set out to do looks like a completely insane undertaking: certain death awaits for making a single small mistake. Without a rope, there are no consequence-reducing measures in place should the accident…


This short essay is about communication strategies for working with people in our modern society. It addresses the efficiency, intrusiveness, and experienced fear by employing each strategy. I figure this might be mostly relevant for introverted people like myself. (Originally published on my LinkedIn profile in 2017)

The Pyramid of fear

The Background

The last couple of years I have been an assistant teacher and, later, the course responsible for teaching InfoSec risk assessments (ISRA) to first-year InfoSec bachelor students at NTNU Gjøvik, Norway. The course was such that the students got divided into large teams and each got a real case to audit…


Some background on this story: I took a course in IT security rhetorics with professor Stewart Kowalski back in 2016 as a part of my Ph.D. training. In the course, we were tasked with writing a Halloween cybersecurity horror story. This essay is written in oral style and I have a bit of fun with my prior experiences in cyber risk management and the security culture in general. Enjoy!

Lol. Source: https://smallbusiness.co.uk/cybercrime-halloween-horror-story-2541385/

This is the true version of a true story that took place on the other side of Mjøsa, according to many; the right side. But as you will realize after this…

Gaute Wangen

I write about my work, research, and interests. Co-founder and inventor at Diri AS. Ph.D. risk management and assistant professor in information security.
