Norway’s renewable energy sector sits inside the country’s “critical infrastructure” reality: large, distributed operational environments, heavy OT/ICS dependency, strict regulatory expectations, and an always-on requirement for reliability. As generation, grid operations, market platforms, and corporate IT become more interconnected, cybersecurity leadership in renewables increasingly means balancing resilience, compliance, and modernization—without compromising uptime. The following leaders stand out for building security programs that support safe, continuous energy delivery.
Erland Kolstad — Chief Information Security Officer, Å Energi
Erland Kolstad brings a deep public-sector and critical-infrastructure security foundation into the energy domain. Now CISO at Å Energi (and previously CISO at Agder Energi), his career reflects steady progression from hands-on ICT security advisory roles into enterprise leadership. Earlier experience at the Norwegian National Security Authority and Kripos adds a strong national-security lens—useful when guiding risk-based security strategy, incident readiness, and governance in a sector where operational continuity is non-negotiable.
Linda Charlotte Nedberge — Chief Information Security Officer, Skagerak Energi
Linda Charlotte Nedberge combines long-running energy-sector security leadership with a strong audit and standards background (including CISSP and ISO 27001 auditing). At Skagerak Energi, she has led information security as CISO while also operating as a senior advisor, grounding the program in practical governance. Her experience spans vulnerability management, penetration testing leadership, cloud validation, business continuity, and ISMS implementation, supported by consulting work and active contribution to industry collaboration through roles in the power-sector security forum.
Siw Jakobsen — Chief Information Security Officer, Eviny AS
Siw Jakobsen’s path into CISO leadership blends enterprise information security with operational, people-facing IT leadership and governance. At Eviny, she moved from Senior Advisor to CISO and has also contributed at an industry level through board leadership in the power-sector information security forum. Her earlier roles span data protection leadership, business systems and project work, and hands-on IT operations leadership—experience that translates well into security programs that must work across corporate IT, distributed operations, and regulated energy environments.
Szymon Andruchow — Chief Information Security Officer, Elhub AS
Szymon Andruchow leads security at Elhub, the national data hub for the Norwegian power market, where integrity, availability, and trusted data exchange are central. His experience shows long-term operational ownership in energy-related systems coordination, including years at Statnett, and a sustained focus on operational security. That mix—market infrastructure plus operational execution—fits a role where cybersecurity must enable stable, trusted platform services across a broad ecosystem of sector participants.
Eskild Storvik — Chief Information Security Officer, Hafslund
Eskild Storvik brings a blend of consulting and enterprise leadership into the renewables space, with CISO roles spanning Hafslund and its energy entities. His background includes security governance, ISMS development, risk and compliance, incident handling, and business continuity—plus earlier work as Deputy CISO in a major public-sector environment and leadership in complex IAM initiatives. This combination supports security programs that must scale across modern cloud initiatives while maintaining rigorous control for critical services.
Thor Aleksander Buan — Chief Information Security Officer, Ren Røros AS
Thor Aleksander Buan is a security leader with broad cross-sector experience, including energy, oil and gas, public sector, retail, food industry, and finance—useful in a renewable context that relies heavily on vendors, partners, and interconnected systems. At Ren Røros, he focuses on practical security leadership across maturity assessments, risk management, ISMS, privacy work (including DPIAs), cloud security, training, culture, and OT/ICS security. His experience with frameworks like IEC 62443, ISO 27001/27005, NSM principles, and CIS Controls aligns well with the industrial and regulatory demands typical in the energy sector.
Why Norway’s Renewable Energy Cybersecurity Leadership Matters
Renewables are no longer “just generation”—they’re digital platforms, automated operations, and ecosystem coordination. The CISOs and security leaders featured here reflect what the sector increasingly requires: security programs rooted in standards, operational reality, and resilience, while still enabling modernization. In a country where energy reliability is strategic, these leaders help ensure that the green transition stays trustworthy, safe, and continuously available.