All articles
Every article, guide, news post, report, and press mention from the FM CyberSecurity team, newest first.
The CRA is an EU law that ties cybersecurity rules to CE marking, so a product with digital elements cannot enter the EU market without it.
CISSP signals broad security judgment and a five-year experience bar, but it does not promise hands-on depth in any single tool you buy.
An ISO 27001 Lead Implementer builds your ISMS; a Lead Auditor checks it. Hire the wrong role and your certification project stalls.
Five frameworks tell Norwegian SMBs to test security regularly. Only one mandates a human red team, and most teams overpay for the rest.
How FM CyberSecurity produces ISO 27001-defensible app pentest evidence through Aikido AI Pentest, without a manual pentest engagement, mapped to Annex A 8.29.
How to get a free trial Tenable One tenant from FM CyberSecurity, scan your own infrastructure, and walk away with a written readout you can act on.
A free CrowdStrike Falcon Identity Protection trial that shows your exposed, stale, and over-privileged accounts before you commit to anything.
When you buy privileged access management, you should talk to the practitioner who has run CyberArk at the largest scale, not a reseller.
A two-week, day-by-day walkthrough of the first vulnerability assessment FM CyberSecurity runs on Tenable One for a new Norwegian SMB customer.
The weekly, monthly, and quarterly cadence FM CyberSecurity runs on Tenable One for Norwegian SMB customers, with the people, the meetings, and the evidence trail.
Vulnerability management tells you what is broken. Exposure management tells you what can hurt the contract you just signed.
Four of us on the floor at Arrow ECS Norway's Summer Cloud Festival in Oslo. A big thanks to the Arrow crew for a great event.
A plain-English decision guide for Norwegian SMBs choosing between Nessus, Tenable Vulnerability Management, and Tenable One.
Tenable came by our Oslo office this week. Guy March took the sim for a lap on Silverstone and clocked 1:36.052.
A plain-English guide to Nessus, the Tenable scanner, including the current SKUs and how it relates to Tenable Vulnerability Management and Tenable One.
Digi.no published a Fredrik Standahl op-ed on treating AI as critical infrastructure and the Lovable breach as a warning sign.
E24 published a Fredrik Standahl op-ed on shadow AI in Norwegian workplaces and the data exposure pattern behind it.
A six-step FM CyberSecurity engagement that takes a Norwegian SMB from no Shadow AI visibility to a written policy and Falcon AIDR detection rules in one quarter.
Shadow AI is unsanctioned AI use on company data. Norwegian SMBs miss it because policy without detection is faith, and usage moves to personal devices.
A plain-English guide to what a Security Operations Centre really does, what one costs to run, and why most Norwegian SMBs should rent rather than build.
Most Norwegian SMBs do not need a standalone SIEM. Here is when you do, when your EDR already covers it, and what to do next.
Antivirus names a known bad file. EDR shows what the attacker did next. Against modern attacks you need the second answer.
FM CyberSecurity publishes through a Cloudflare Workers MCP server, gated by Microsoft Entra. No admin login, no user table, no CMS, no /forgot-password page.
CrowdStrike Falcon is one lightweight agent and a cloud console that together replace a rack of separate endpoint security tools.
How leadership teams move from compliance uncertainty to documented control, evidence that holds up under investor, customer, or regulatory due diligence.
SOC 2 can win you a US deal or burn six figures you did not need. Here is how to tell which, and how it fits ISO 27001.
A US prospect asks for your SOC 2 Type 2 report, you do not have one, and the deal stalls. Here is what it is and the decision it forces.
If Norway counts your firm as critical, you have had legal digital-security duties since October 2025, and most boards have not noticed.
Buyers increasingly require ISO 27001 certification to even let you bid, so missing it quietly drops you from shortlists you would have won.
A practical ISO 27001 checklist that takes a Norwegian small or mid-size business from "we should get certified" to a Stage 2 audit.
A ten-step DORA checklist for Norwegian banks, insurers, payment firms and asset managers, with Finanstilsynet deadlines and what to do this quarter.
A leader-facing NIS2 checklist for Norwegian SMBs, the scope self-test, who owns what, the reporting clock, what to budget, and the board questions to ask.
NIS2 obligations flow down through contracts, so you can be asked to prove security maturity even before the rule reaches Norwegian law.
We deliver every pentest through Aikido AI Pentest because the annual manual report lands in a drawer and the application ships again the next week.
We standardised on Tenable because boards buy one map of business risk, not a longer list of CVEs no one has time to read.
We run client MDR on CrowdStrike Falcon because the platform does the detection and response work a small security team cannot cover alone.
Practical compliance steps for the new EU directive, what to do this quarter, and what can wait.
A look at how CrowdStrike's agentic SOC changes the economics of 24/7 monitoring for SMBs.
Shifter published a Fredrik Standahl commentary on the security failures common in AI-driven startup development.
VG Dine Penger interviewed Fredrik Standahl on starting a cybersecurity firm in Norway and the niche's hiring boom.
Norwegian Cybersecurity Cluster profiled FM CyberSecurity's founders and our first months building the firm in Oslo.