
Sikkerhetsfestivalen 2025: Reflections and the Road Ahead for Cybersecurity
Introduction
What a festival. Sikkerhetsfestivalen 2025 – my first, and definitely not my last. The organizers and the city of Lillehammer brought together some of the sharpest companies and minds in cybersecurity, setting a clear tone that this is one of the most critical focus areas in IT today. I can’t wait for my next visit.
For those unfamiliar, Sikkerhetsfestivalen is Norway’s largest gathering on digital security: a three-day mix of talks, workshops, and networking in Lillehammer. It brings together business leaders, policymakers, researchers, and vendors to share insights and confront today’s cyber challenges head-on.
Yes, cybersecurity is finally front and center. Norwegian businesses are waking up to the fact that it’s not if but when they’ll be hacked. Still, many are struggling with the same question: where do we even begin? As one person at our booth said:
“We know security is important. But do we start with tools, training, or audits? Everyone tells us something different.”
That wasn’t unusual. Many conversations with vendors, partners, and clients began the same way – and keynote speaker Jaya Baloo echoed it.
It’s overwhelming. Media headlines amplify fear but rarely explain what really happened, how it was stopped, or what recovery looked like. Vendors sometimes make it worse with flashy slides, competitor bashing, or overselling their own product. The risk? Customers believe they’re safer than they are, or don’t understand what they’ve actually bought, if they buy anything at all.
That’s the backdrop I left Lillehammer with – and the reason for this post. Beyond the great discussions with colleagues and customers, I want to reflect on how we as an industry can better help businesses and why River Security is challenging the norm on how to deliver and attack. The way forward is transparency, clear communication of the threat landscape, and giving companies the ability to see, prioritize, and understand their digital attack surface.
After Sikkerhetsfestivalen, it’s time to cut through the noise. In this blog post, I’ll explore a pragmatic way forward: know your digital footprint, adopt an offensive mindset (what we at River Security call Active Focus), and embrace collaboration and transparency. The goal is to turn security from a fragmented puzzle into a true strategic advantage.
The First Step: Know Your Digital Footprint
Before buying tools or chasing compliance, start with a Digital Footprint assessment. This means mapping every IT asset, app, and dataset exposed online by design or by mistake. You can’t protect what you don’t know exists.
These assessments reveal forgotten servers, old domains, and shadow IT, things attackers often find first. Too many companies don’t see their systems the way an attacker does. At River Security, we make Digital Footprint the starting point of Active Focus, our Continuous Penetration Testing platform. Learn more here: Digital Footprint.
Clients tell us this approach gives them visibility of their entire exposed attack surface and the ability to fix weaknesses before they’re exploited.
Our customer Azets is an excellent example of why starting with Digital Footprint matters.
When we first engaged with them, our footprint assessment revealed previously unnoticed internet-facing services, shadow assets, and credential leaks. With that insight, Azets could prioritize weak entry points like exposed admin panels and outdated systems. From there, they moved seamlessly into Continuous Penetration Testing to monitor and test evolving exposures.
Thanks to that approach, Azets now enjoys stronger protection across their subsidiaries. They operate with better situational awareness, reduced attack surface, and faster response planning. And they don’t just detect issues — they act on them before attackers see them.
In short: mapping your digital footprint turns unknown risk into manageable insight. Build that clarity first. Then you’re ready to test how well your defenses perform in the wild.
And once that foundation is in place, the next question becomes unavoidable: how do you test your defenses the way an attacker would?
That’s where the second part of this story begins:
From Reactive to Proactive – Offense as the Best Defense (Continuous Penetration Testing)
Once you know your attack surface, the next step is to test it like an attacker would. That means adopting an offensive strategy. Too many companies still rely on one-off penetration tests or wait for defensive tools like firewalls or antivirus to raise alerts. In today’s landscape, that’s not enough. Attackers move fast and don’t follow yearly schedules, so neither can we.
Traditional penetration testing is too slow and too rare. A yearly or even quarterly test is just a snapshot. Meanwhile, new vulnerabilities are exploited within hours of disclosure. By the time reports are delivered and fixes planned, systems may already be exposed. River Security sees this often: teams lose time figuring out what to fix first, and delay always benefits attackers.
Active Focus is our answer. It flips the model from reactive to proactive. The idea is simple: attack yourself constantly, with ethical hackers and smart automation, before attackers do. If there’s a hole in the fence, we want to find it first. This “defend forward” mindset means looking at your systems from the outside-in, through an attacker’s eyes, instead of waiting behind firewalls. Read more on our approach here: Active Focus.
We combine continuous Attack Surface Monitoring with an Offensive Security Operations Center enabling Continuous Penetration Testing. Our ethical hackers and threat intelligence managers hunt for weaknesses 24/7. Automation provides coverage, while human expertise ensures nothing critical is missed. The result brings four clear benefits:
- Continuous coverage: Your attack surface is watched around the clock. If a new subdomain appears, we see it. If a zero-day hits, we check exposure immediately. During the Log4j outbreak, our system flagged a client’s vulnerable third-party component and fixed it within hours.
- Relevant findings: We don’t drown clients in raw scan data. Results are verified, tied to business impact, and prioritized. A finance client said: “We not only know about vulnerabilities and dark web disclosures, but also how they affect our business.”
- Continuous Penetration Testing: This approach gives you red team capability without building one in-house. Instead of a report that ends on delivery, we stay engaged until issues are fixed.
- Defend forward culture: Teams stop waiting for incidents and instead practice like they’re under attack every day. Think of it as fire drills for cybersecurity. Clients report moving from constant firefighting to a calmer, more controlled posture.
Traditional defenses like firewalls and monitoring remain necessary, but without an offensive lens the biggest gaps go unseen. As one CISO said at Sikkerhetsfestivalen:
“We believe that our blue team is strong, but we don’t truly know how secure we are until someone tries to break in.”
Active Focus ensures that test happens all the time, on your terms.
The business impact is equally clear. A proactive model builds confidence across leadership, speeds decision-making, and supports growth. Zaptec, a fast-growing EV-charging company, partners with River Security to gain real-time visibility and proactive protection for their expanding infrastructure. Their IT Director, Henning Berland, says: “Partnering with River Security has given us real-time visibility and proactive protection for our expanding infrastructure. Their independent guidance and hands-on approach help us make informed decisions, ensuring our technology remains secure as we grow.” Read the full Zaptec customer case here: Securing the Future of Electric Mobility with Zaptec.
In short: Active Focus turns security from a reaction into an ongoing strategy. Many mature organizations are already shifting this way. For others, it’s a chance to leapfrog ahead with the right partner.
And yet, there’s another barrier that holds many companies back: silos. Even with the right tools and testing, progress stalls if teams and organizations don’t work together.
That’s the next step:
Breaking the Silos – Why Collaboration Matters
One clear message from the festival was that no company can manage cybersecurity alone. Too much of the work remains fragmented: IT follows one track, compliance another, while outsourced SOCs monitor alerts, often with little coordination. Externally, companies hesitate to share information due to reputational or competitive concerns. The result is predictable: fragmented defenses with exploitable gaps.
It’s time to break down silos. Collaboration, inside and across organizations, is no longer optional. Internally, security teams must work directly with IT, developers, finance, and leadership. When teams stay isolated, details slip through the cracks. As one blog put it, “silos breed vulnerabilities.” Shadow IT is a simple example: an employee spins up a cloud database without oversight, leaving it unpatched and exposed. When everyone, from developers to executives, sees security as shared responsibility, blind spots shrink.
External collaboration matters just as much. Threats are systemic. The same ransomware group often targets several companies in one sector. Sharing intelligence raises defenses for all. Finance has long led the way through ISACs, and other industries are catching up. By pooling data, attack methods, compromise indicators, and patterns, companies detect anomalies earlier and prevent wide-scale breaches. Think of it as neighborhood watch: when one house spots a burglar, the whole street benefits.
At River Security, collaboration is central to how we work. Continuous Penetration Testing isn’t a one-off product, it’s a partnership. We act as an extension of client teams, together with their other vendors, with shared goals and accountability. Oslo Taxi’s IT Director, Stein Waalen, put it best: “River Security doesn’t just hand over a report and walk away, they stay involved. When vulnerabilities are found, we fix them together.” See the customer case here: Future-proofing Oslo Taxi’s platform with Sicra and River Security
Our work with Oslo Taxi and Sicra shows how real partnership creates lasting security. Sicra brought in their expert consultants, while River Security handled continuous offensive testing through Digital Footprint mapping and Active Focus. Together, we built security into the platform from design to daily operations. Oslo Taxi’s IT Director later described it as one of their most successful vendor relationships, because collaboration replaced handoffs with true integration.
Leaders must foster this spirit. That could mean regular cross-team security meetings, joint incident drills with suppliers, or bringing vendors in as partners rather than contractors. Cybersecurity truly takes a village: engineers, developers, analysts, providers, even law enforcement. The festival showed the power of gathering diverse stakeholders. Now it’s on us to apply that spirit every day.
Breaking silos delivers stronger defenses, quicker responses, and better morale. Teams feel less isolated when working together, and more confident when responsibility is shared. And when incidents happen, as they always will, collaborative networks ensure faster recovery with broader support. Attackers already collaborate. Defenders must do the same.
But collaboration alone isn’t enough. To truly improve, we must also change the culture around mistakes and incidents.
That leads to the next theme:
Learning from Challenges – Transparency Over Fear
One cultural shift we need after Sikkerhetsfestivalen is openness about mistakes and lessons learned.
Cybersecurity has been weighed down by secrecy for too long. Companies hide breaches, employees fear reporting errors, and media amplifies the drama without context. This slows progress. The only way forward is honesty: what went wrong, how it was fixed, and what others can learn.
Norsk Hydro’s 2019 ransomware response set the standard. Leadership chose transparency: daily press conferences, regular updates, even journalists in recovery rooms.
“We wanted to help others learn from our experience,” said Halvor Molland, their media lead. Instead of harming Hydro’s reputation, openness built trust and respect.
Sharing lessons benefits everyone. Aviation and healthcare have long used this model: document errors, analyze them, and share insights so others don’t repeat them. Cybersecurity needs the same. If one company falls for a phishing trick, sharing it helps peers prepare. If a misconfiguration exposes data, disclosure helps others check their own systems. The faster we share, the stronger we all get.
The media has work to do too. Headlines like “Millions of records lost” grab clicks but don’t explain causes or fixes. Fear without guidance breeds panic. The better approach is education: explain what happened, how it was mitigated, and how others can prevent it. Progress is visible: more outlets now include root causes and lessons, but clickbait still dominates.
Inside companies, leaders must build a blame-free culture. If someone clicks a phishing email, the goal isn’t punishment but prevention. Maybe training needs improvement, or technical safeguards should be added. Employees must feel safe reporting incidents quickly, because silence is what makes damage worse.
At River Security, we encourage clients to join CERT/CSIRT groups and, when ready, share experiences publicly. Real stories from peers, on how ransomware was contained or how data was secured, teach more than generic case studies. Openness also builds trust with stakeholders. When Travel Retail Norway disclosed their incident and later shared how they adopted Continuous Penetration Testing, it reassured customers more than silence ever could. Read more here: How TRN moved forward after Cyber Attack
The message is simple: transparency beats fear. Cybersecurity isn’t about never failing. It’s about learning, adapting, and improving. Companies, media, and industry groups should share more “here’s how we fixed it” stories, not just “we got hit” headlines. At River Security, we commit to being part of those conversations. Turning the lights on always makes the monsters less frightening.
Looking Ahead – An Active, Collaborative, and Resilient Security Posture
So, what now? Norway’s cybersecurity community has momentum. The challenge is to focus it where it matters most. Five priorities stand out:
- Start with visibility. You can’t secure what you don’t see. Map your digital footprint and keep mapping.
- Be proactive. Don’t wait for attackers to set the pace. Adopting an offensive mindset through Continuous Penetration Testing or internal red teams finds weaknesses before attackers do.
- Break barriers. End silos. Make security a shared task across teams, and share intelligence externally. Collective defense raises the bar for everyone.
- Align with business. Treat security as an investment. Link priorities to revenue, resilience, and growth—not just patching servers.
- Promote learning. Incidents will happen. What matters is reviewing, improving, and sharing lessons.
This is the philosophy behind Continuous Penetration Testing: visibility, testing, collaboration, and business alignment. It’s not just a service, but a way of thinking. Many at Sikkerhetsfestivalen already share this mindset. The task now is putting it into practice.
At River Security, we’ve seen how proactive testing and collaboration transform security posture. Technology helps, but people and processes make the difference. That’s why we work closely with client teams, bridging IT, developers, and management, to make security part of daily operations.
The way forward is shared responsibility and active defense. Picture an ecosystem where companies exchange intelligence, testing is continuous, and executives treat cybersecurity as fundamental to operations. This vision is achievable and already taking shape.
As we return to daily business, remember attackers won’t pause. Neither should we. Take concrete steps: run a footprint assessment, fund a pilot red-team exercise, share incident data, or bring department heads together. Every journey starts with one step.
River Security is ready to partner up. We believe in collaboration with customers, providers, and even competitors in the spirit of collective defense. Whether you’re a business leader or a security professional, we’d like to hear from you. Explore Active Focus, discuss partnership, or exchange ideas—every connection strengthens the community.
Cybersecurity is not a destination. It’s a mindset and part of the whole business. By combining active defense, collaboration, and transparency, we can move forward with confidence. Sikkerhetsfestivalen reminded us why this community matters: it brings together experts, leaders, and practitioners who challenge each other and share openly. The best way to honor that spirit is to carry its lessons into our daily work and act on them together.