<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Mjølner</title>
	<atom:link href="https://mjolner.dk/en/feed/" rel="self" type="application/rss+xml" />
	<link>https://mjolner.dk/en/</link>
	<description></description>
	<lastBuildDate>Mon, 29 Jun 2026 12:14:42 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0.1</generator>
	<item>
		<title>OT security in practice: How management works with the scenarios that can hit operations the hardest</title>
		<link>https://mjolner.dk/en/blog/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Wed, 24 Jun 2026 08:24:07 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Energy and Utility]]></category>
		<category><![CDATA[IT security]]></category>
		<category><![CDATA[Critical Infrastructure]]></category>
		<category><![CDATA[IT/OT]]></category>
		<category><![CDATA[Operational Technology]]></category>
		<category><![CDATA[OT-security]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=22797</guid>

					<description><![CDATA[<p>OT security in practice: How management works with the scenarios that can hit operations the hardest When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power. For energy and utility companies, OT security is therefore not [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest/">OT security in practice: How management works with the scenarios that can hit operations the hardest</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<p>OT security in practice: How management works with the scenarios that can hit operations the hardest</p>
</h1>
<div>
<p data-start="0" data-end="202">When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power.</p>
<p data-start="204" data-end="484">For energy and utility companies, OT security is therefore not only about protecting systems. It is about ensuring that the most important functions can continue when something goes wrong. That is why management should start with the scenarios that can hit operations the hardest.</p>
<p data-start="486" data-end="733">This is the third post in our series on OT security in the energy and utilities sector. In the first two posts, we focused on why OT security has become a management concern, and why OT cannot be handled with the same logic as classic IT security.</p>
<p data-start="735" data-end="797" data-is-last-node="" data-is-only-node="">If you have not read them yet, they are a good place to start:</p>
<p data-start="735" data-end="797" data-is-last-node="" data-is-only-node=""><a href="https://mjolner.dk/en/blog/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid/">When IT and OT meet: 3 classic mistakes management should avoid</a></p>
<p data-start="735" data-end="797" data-is-last-node="" data-is-only-node=""><a href="https://mjolner.dk/en/blog/0t-security-5-tips-for-management/">New risks, new requirements: 5 OT security tips for management</a></p>
</div>
<div>
<p data-start="0" data-end="186">With that as our starting point, we now move from recognition to practice. Because once management has understood why OT security requires a different approach, the key question becomes:</p>
<p data-start="188" data-end="229"><strong>How do you work with OT risk in practice?</strong></p>
<p data-start="231" data-end="599">The perspectives in this post are based on experience and recommendations from Mjølner’s domain experts in the energy and utilities sector, <a href="https://www.linkedin.com/in/jakobhviid/">Jakob Hviid</a> and <a href="https://www.linkedin.com/in/andr%C3%A9-bryde-alnor-664ba615/">André Bryde Alnor</a>, as well as our partner <a href="https://www.linkedin.com/in/jhartig/">Jørgen Hartig</a> from <a href="https://securiot.dk/frontpage/">SecuriOT</a>. They work with security, operations and digitalisation in environments where resilience, uptime and responsible decision-making are critical.</p>
<p data-start="601" data-end="833">Many organisations start with what is easiest to identify: physical security, access control, network segmentation or individual technical controls. All of these are relevant. But they are not necessarily where the risk is greatest.</p>
<p data-start="835" data-end="923">For OT security to create real value, management should start with a different question:</p>
<p data-start="925" data-end="998"><strong>What could, in practice, stop or seriously affect our ability to deliver?</strong></p>
<p data-start="1000" data-end="1130">That question moves the work from general security measures to concrete scenarios that management can prioritise, test and act on.</p>
<h2 data-start="1132" data-end="1175">Start with what absolutely needs to work</h2>
<p data-start="1177" data-end="1302">A good starting point for OT security is not a long list of technical measures. It is a more fundamental management question:</p>
<p data-start="1304" data-end="1379">Which functions absolutely need to work for us to deliver our core service?</p>
<p data-start="1381" data-end="1629" data-is-last-node="" data-is-only-node="">Because OT security is not first and foremost about protecting technology. It is about protecting the organisation’s ability to function. About ensuring that electricity, heat, water or production can be maintained &#8211; even when something goes wrong.</p>
</div>
<blockquote>
<p>”The essential function in our supply or production is supported by a number of sub-functions that need to be in place for everything to work optimally. These sub-functions are always supported by systems such as servers, networks and applications. If these systems fail, we come to a standstill. That is why clarifying what is acceptable, what is most critical, and how we get back up and running should be central focus points in this process.”</p>
<footer>
<p>                <cite>emphasises Jørgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="0" data-end="201">This is a crucial distinction. While IT security often starts from access, data and system protection, OT security is largely based on the ability of operations to continue &#8211; even when something fails.</p>
<p data-start="203" data-end="450" data-is-last-node="" data-is-only-node="">Jakob Hviid, Senior Solution Architect at Mjølner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or quickly changing systems, the premise is different in OT:</p>
</div>
<blockquote>
<p>“In the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.”</p>
</blockquote>
<div>
</div>
<div>
<h2 data-start="0" data-end="46">Shift the focus from assets to consequences</h2>
<p data-start="48" data-end="107">Many organisations are used to thinking in terms of assets:</p>
<ul>
<li data-start="109" data-end="250">Which plants or systems are the most expensive?</li>
<li data-start="109" data-end="250">Which components are the most difficult to replace?</li>
<li data-start="109" data-end="250">What is technically the most complex?</li>
</ul>
<p data-start="252" data-end="395">These are relevant questions. But they are not enough. A more mature approach is to shift the focus from plants and components to consequences:</p>
<ul>
<li data-start="252" data-end="395">What happens if an essential function fails?</li>
<li data-start="252" data-end="395">What happens if a central system is unavailable for several days?</li>
<li data-start="252" data-end="395">What happens if a supplier connection disappears at the wrong time?</li>
<li data-start="252" data-end="395">What happens if a failure in one system spreads to other parts of operations?</li>
</ul>
<p data-start="661" data-end="843">For management, this provides a stronger basis for decision-making. When the consequence is clear, it becomes easier to prioritise the initiatives that actually reduce risk the most.</p>
<h2 data-start="845" data-end="898">The consequences do not stop at the OT environment</h2>
<p data-start="900" data-end="1057" data-is-last-node="" data-is-only-node="">An OT incident rarely affects only one system or one plant. It can impact the entire value chain around operations, production, troubleshooting and recovery.</p>
</div>
<blockquote>
<p>&#8220;You may have secured your OT network as well as possible. But if operations depend on systems, processes or suppliers outside OT, you may still be vulnerable — both to attacks and in terms of getting production back up and running after an outage.&#8221;</p>
<footer>
<p>                <cite>explains André Bryde Alnor, Energy Solution Strategist at Mjølner</cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>We often see this in practice. Many organisations have a good overview of their physical assets, but less insight into the dependencies surrounding them.</span></p>
<p class="isSelectedEnd"><span>These may include order flows, supplier access, support processes, data exchange, internal workflows or key personnel who turn out to be critical when something goes wrong.</span></p>
<p class="isSelectedEnd"><span>That is why it is not enough to ask whether the OT environment is protected. Management must also ask:</span></p>
<p class="isSelectedEnd"><strong>Which parts of the value chain do operations depend on — and how quickly can we return to stable operations if they fail?</strong></p>
<h2><span>Build a few scenarios that really hurt</span></h2>
<p><span>One of the most useful approaches is also one of the simplest: Do not start with everything. Start with a few scenarios that would have serious consequences if they became reality.</span></p>
</div>
<blockquote>
<p>”Try to define 5-6 scenarios where you can say: If this happened, it would really hurt operations.&#8221;</p>
<footer>
<p>                <cite>states Jakob Hviid, Senior Solution Architect at Mjølner</cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>It is good advice because it forces the organisation to prioritise. Instead of trying to map every conceivable risk, management can begin with a limited number of incidents that would have serious consequences for operations, supply, safety or reputation.</span></p>
<p class="isSelectedEnd"><span>These could, for example, be scenarios such as:</span></p>
<ul>
<li class="isSelectedEnd"><span>A central control system is unavailable for several days</span></li>
<li class="isSelectedEnd"><span>An external supplier loses access to a critical environment</span></li>
<li class="isSelectedEnd"><span>A plant cannot be controlled as expected</span></li>
<li class="isSelectedEnd"><span>An incident in one system affects other parts of operations</span></li>
<li class="isSelectedEnd"><span>A key person or critical support function is unavailable during an incident</span></li>
</ul>
<p class="isSelectedEnd"><span>The scenarios do not have to be perfect from the start. What matters is that they are concrete enough for the organisation to begin asking the right questions.</span></p>
<h2><span>Make time part of the risk</span></h2>
<p class="isSelectedEnd"><span>A scenario becomes far more useful when you add time.</span></p>
<p class="isSelectedEnd"><span>It is one thing to say that a system can go down. It is another to ask what it means if it is down for 24, 48 or 72 hours. Then the risk becomes concrete: How long can the function be affected before it impacts supply, safety or operations? Which emergency processes can keep operations running in the meantime? And which suppliers, spare parts or key people are critical to returning to stable operations?</span></p>
<p class="isSelectedEnd"><span>Scenario thinking connects security with contingency planning, recovery and concrete courses of action.</span></p>
<h2><span>Use the scenarios to prioritise correctly</span></h2>
<p class="isSelectedEnd"><span>When the most important scenarios are clear, it becomes easier to determine which investments actually reduce risk the most.</span></p>
<p class="isSelectedEnd"><span>This could be technical controls, better visibility into the OT landscape, tighter management of supplier access, contingency plans, testing, spare parts or clear decision paths during an incident.</span></p>
<p class="isSelectedEnd"><span>What matters is that prioritisation is based on the consequence for operations and supply &#8211; not only on what is easiest to implement.</span></p>
<p><span>Jakob puts the difference like this:</span></p>
</div>
<blockquote>
<p>“On the IT side, it is often about protecting data from unauthorised access. In OT, maintaining the value chain plays a much larger role.”</p>
</blockquote>
<div>
<p class="isSelectedEnd"><span>In OT, it is precisely the ability to maintain the value chain that must guide the work.</span></p>
<h2><span>OT risk requires several perspectives</span></h2>
<p class="isSelectedEnd"><span>Scenario work cannot be handled by one function alone.</span></p>
<p class="isSelectedEnd"><span>There must be clear ownership, but the work only becomes strong when several relevant perspectives are brought into play. OT risk rarely arises in one place. It arises in the interaction between plant operations, IT, suppliers, contingency planning and the business.</span></p>
<p class="isSelectedEnd"><span>That is why the scenarios should not only be assessed by OT specialists. They should be reviewed together with the functions that need to act if the scenario becomes reality.</span></p>
<p class="isSelectedEnd"><span>For management, the task is to establish a structure where the relevant disciplines work together to assess risk, consequence and possible actions. Otherwise, OT security risks becoming either an isolated specialist project or a risk register with no real impact on operations.</span></p>
<h2><span>From concern to decision</span></h2>
<p class="isSelectedEnd"><span>OT security only becomes truly valuable when it moves from being a diffuse concern to becoming a way to make better decisions.</span></p>
<p class="isSelectedEnd"><span>That is exactly what scenario thinking can do.</span></p>
<p class="isSelectedEnd"><span>It helps the organisation focus on what matters most. It makes risk concrete. It creates a shared language between management, operations and specialists. And it makes it easier to prioritise both investments and initiatives.</span></p>
<p class="isSelectedEnd"><span>Management can start with four questions:</span></p>
<ol>
<li class="isSelectedEnd"><span>Which functions absolutely need to work for us to deliver our core service?</span></li>
<li class="isSelectedEnd"><span>Which 5-6 scenarios would hit operations the hardest?</span></li>
<li class="isSelectedEnd"><span>How long can we tolerate central systems or supplier connections being unavailable?</span><br /><span></span></li>
<li class="isSelectedEnd"><span>Who owns the responsibility for testing, prioritising and following up?</span></li>
</ol>
<p class="isSelectedEnd"><span>The most important thing is not to find all the answers at once.</span></p>
<p class="isSelectedEnd"><span>The most important thing is to get started with the few scenarios that really matter. Because once they are clear, it also becomes clearer which systems, processes, suppliers and decisions are truly critical.</span></p>
<p><span>At Mjølner, we help energy and utility companies translate OT risk into concrete scenarios, priorities and decision-making foundations that management, operations and specialists can act on.</span></p>
</div>
<div>
<h3>Do you want to strengthen OT security without obstructing operations?</h3>
<div>
<p>When IT and OT converge, there is rarely one standard solution. Have an informal conversation with André about how you can strengthen OT security without compromising operations, uptime and safety.</p>
</div>
</div>
<div>
<h3>Email</h3>
<p>aba@mjolner.dk</p>
</div>
<div>
<h3>Phone</h3>
<p>+45 23 46 04 45</p>
</div>
<div>
<div class="_form_41"></div>
<p><script src="https://mjolnerinformatics.activehosted.com/f/embed.php?id=41" charset="utf-8"></script>
</div>
<p><span id="more-22797"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<p>OT security in practice: How management works with the scenarios that can hit operations the hardest<\/p>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"0\" data-end=\"202\">When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power.<\/p>\n

<p data-start=\"204\" data-end=\"484\">For energy and utility companies, OT security is therefore not only about protecting systems. It is about ensuring that the most important functions can continue when something goes wrong. That is why management should start with the scenarios that can hit operations the hardest.<\/p>\n

<p data-start=\"486\" data-end=\"733\">This is the third post in our series on OT security in the energy and utilities sector. In the first two posts, we focused on why OT security has become a management concern, and why OT cannot be handled with the same logic as classic IT security.<\/p>\n

<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\">If you have not read them yet, they are a good place to start:<\/p>\n

<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\"><a href=\"https:\/\/mjolner.dk\/en\/blog\/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid\/\">When IT and OT meet: 3 classic mistakes management should avoid<\/a><\/p>\n

<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\"><a href=\"https:\/\/mjolner.dk\/en\/blog\/0t-security-5-tips-for-management\/\">New risks, new requirements: 5 OT security tips for management<\/a><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"0\" data-end=\"186\">With that as our starting point, we now move from recognition to practice. Because once management has understood why OT security requires a different approach, the key question becomes:<\/p>\n

<p data-start=\"188\" data-end=\"229\"><strong>How do you work with OT risk in practice?<\/strong><\/p>\n

<p data-start=\"231\" data-end=\"599\">The perspectives in this post are based on experience and recommendations from Mj\u00f8lner\u2019s domain experts in the energy and utilities sector, <a href=\"https:\/\/www.linkedin.com\/in\/jakobhviid\/\">Jakob Hviid<\/a> and <a href=\"https:\/\/www.linkedin.com\/in\/andr%C3%A9-bryde-alnor-664ba615\/\">Andr\u00e9 Bryde Alnor<\/a>, as well as our partner <a href=\"https:\/\/www.linkedin.com\/in\/jhartig\/\">J\u00f8rgen Hartig<\/a> from <a href=\"https:\/\/securiot.dk\/frontpage\/\">SecuriOT<\/a>. They work with security, operations and digitalisation in environments where resilience, uptime and responsible decision-making are critical.<\/p>\n

<p data-start=\"601\" data-end=\"833\">Many organisations start with what is easiest to identify: physical security, access control, network segmentation or individual technical controls. All of these are relevant. But they are not necessarily where the risk is greatest.<\/p>\n

<p data-start=\"835\" data-end=\"923\">For OT security to create real value, management should start with a different question:<\/p>\n

<p data-start=\"925\" data-end=\"998\"><strong>What could, in practice, stop or seriously affect our ability to deliver?<\/strong><\/p>\n

<p data-start=\"1000\" data-end=\"1130\">That question moves the work from general security measures to concrete scenarios that management can prioritise, test and act on.<\/p>\n

<h2 data-start=\"1132\" data-end=\"1175\">Start with what absolutely needs to work<\/h2>\n

<p data-start=\"1177\" data-end=\"1302\">A good starting point for OT security is not a long list of technical measures. It is a more fundamental management question:<\/p>\n

<p data-start=\"1304\" data-end=\"1379\">Which functions absolutely need to work for us to deliver our core service?<\/p>\n

<p data-start=\"1381\" data-end=\"1629\" data-is-last-node=\"\" data-is-only-node=\"\">Because OT security is not first and foremost about protecting technology. It is about protecting the organisation\u2019s ability to function. About ensuring that electricity, heat, water or production can be maintained - even when something goes wrong.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"emphasises J\u00f8rgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.","content":"

<p>\u201dThe essential function in our supply or production is supported by a number of sub-functions that need to be in place for everything to work optimally. These sub-functions are always supported by systems such as servers, networks and applications. If these systems fail, we come to a standstill. That is why clarifying what is acceptable, what is most critical, and how we get back up and running should be central focus points in this process.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"0\" data-end=\"201\">This is a crucial distinction. While IT security often starts from access, data and system protection, OT security is largely based on the ability of operations to continue - even when something fails.<\/p>\n

<p data-start=\"203\" data-end=\"450\" data-is-last-node=\"\" data-is-only-node=\"\">Jakob Hviid, Senior Solution Architect at Mj\u00f8lner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or quickly changing systems, the premise is different in OT:<\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201cIn the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.\u201d<\/p>"}},{"type":"html","props":{"content":"

"},"name":"\u2013 ekstra luft \u2013"},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"0\" data-end=\"46\">Shift the focus from assets to consequences<\/h2>\n

<p data-start=\"48\" data-end=\"107\">Many organisations are used to thinking in terms of assets:<\/p>\n

<ul>\n

<li data-start=\"109\" data-end=\"250\">Which plants or systems are the most expensive?<\/li>\n

<li data-start=\"109\" data-end=\"250\">Which components are the most difficult to replace?<\/li>\n

<li data-start=\"109\" data-end=\"250\">What is technically the most complex?<\/li>\n<\/ul>\n

<p data-start=\"252\" data-end=\"395\">These are relevant questions. But they are not enough. A more mature approach is to shift the focus from plants and components to consequences:<\/p>\n

<ul>\n

<li data-start=\"252\" data-end=\"395\">What happens if an essential function fails?<\/li>\n

<li data-start=\"252\" data-end=\"395\">What happens if a central system is unavailable for several days?<\/li>\n

<li data-start=\"252\" data-end=\"395\">What happens if a supplier connection disappears at the wrong time?<\/li>\n

<li data-start=\"252\" data-end=\"395\">What happens if a failure in one system spreads to other parts of operations?<\/li>\n<\/ul>\n

<p data-start=\"661\" data-end=\"843\">For management, this provides a stronger basis for decision-making. When the consequence is clear, it becomes easier to prioritise the initiatives that actually reduce risk the most.<\/p>\n

<h2 data-start=\"845\" data-end=\"898\">The consequences do not stop at the OT environment<\/h2>\n

<p data-start=\"900\" data-end=\"1057\" data-is-last-node=\"\" data-is-only-node=\"\">An OT incident rarely affects only one system or one plant. It can impact the entire value chain around operations, production, troubleshooting and recovery.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"explains Andr\u00e9 Bryde Alnor, Energy Solution Strategist at Mj\u00f8lner","content":"

<p>\"You may have secured your OT network as well as possible. But if operations depend on systems, processes or suppliers outside OT, you may still be vulnerable \u2014 both to attacks and in terms of getting production back up and running after an outage.\"<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>We often see this in practice. Many organisations have a good overview of their physical assets, but less insight into the dependencies surrounding them.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>These may include order flows, supplier access, support processes, data exchange, internal workflows or key personnel who turn out to be critical when something goes wrong.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>That is why it is not enough to ask whether the OT environment is protected. Management must also ask:<\/span><\/p>\n

<p class=\"isSelectedEnd\"><strong>Which parts of the value chain do operations depend on \u2014 and how quickly can we return to stable operations if they fail?<\/strong><\/p>\n

<h2><span>Build a few scenarios that really hurt<\/span><\/h2>\n

<p><span>One of the most useful approaches is also one of the simplest: Do not start with everything. Start with a few scenarios that would have serious consequences if they became reality.<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"author":"states Jakob Hviid, Senior Solution Architect at Mj\u00f8lner","content":"

<p>\u201dTry to define 5-6 scenarios where you can say: If this happened, it would really hurt operations.\"<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>It is good advice because it forces the organisation to prioritise. Instead of trying to map every conceivable risk, management can begin with a limited number of incidents that would have serious consequences for operations, supply, safety or reputation.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>These could, for example, be scenarios such as:<\/span><\/p>\n

<ul>\n

<li class=\"isSelectedEnd\"><span>A central control system is unavailable for several days<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>An external supplier loses access to a critical environment<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>A plant cannot be controlled as expected<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>An incident in one system affects other parts of operations<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>A key person or critical support function is unavailable during an incident<\/span><\/li>\n<\/ul>\n

<p class=\"isSelectedEnd\"><span>The scenarios do not have to be perfect from the start. What matters is that they are concrete enough for the organisation to begin asking the right questions.<\/span><\/p>\n

<h2><span>Make time part of the risk<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>A scenario becomes far more useful when you add time.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>It is one thing to say that a system can go down. It is another to ask what it means if it is down for 24, 48 or 72 hours. Then the risk becomes concrete: How long can the function be affected before it impacts supply, safety or operations? Which emergency processes can keep operations running in the meantime? And which suppliers, spare parts or key people are critical to returning to stable operations?<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>Scenario thinking connects security with contingency planning, recovery and concrete courses of action.<\/span><\/p>\n

<h2><span>Use the scenarios to prioritise correctly<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>When the most important scenarios are clear, it becomes easier to determine which investments actually reduce risk the most.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>This could be technical controls, better visibility into the OT landscape, tighter management of supplier access, contingency plans, testing, spare parts or clear decision paths during an incident.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>What matters is that prioritisation is based on the consequence for operations and supply - not only on what is easiest to implement.<\/span><\/p>\n

<p><span>Jakob puts the difference like this:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201cOn the IT side, it is often about protecting data from unauthorised access. In OT, maintaining the value chain plays a much larger role.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>In OT, it is precisely the ability to maintain the value chain that must guide the work.<\/span><\/p>\n

<h2><span>OT risk requires several perspectives<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>Scenario work cannot be handled by one function alone.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>There must be clear ownership, but the work only becomes strong when several relevant perspectives are brought into play. OT risk rarely arises in one place. It arises in the interaction between plant operations, IT, suppliers, contingency planning and the business.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>That is why the scenarios should not only be assessed by OT specialists. They should be reviewed together with the functions that need to act if the scenario becomes reality.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>For management, the task is to establish a structure where the relevant disciplines work together to assess risk, consequence and possible actions. Otherwise, OT security risks becoming either an isolated specialist project or a risk register with no real impact on operations.<\/span><\/p>\n

<h2><span>From concern to decision<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>OT security only becomes truly valuable when it moves from being a diffuse concern to becoming a way to make better decisions.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>That is exactly what scenario thinking can do.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>It helps the organisation focus on what matters most. It makes risk concrete. It creates a shared language between management, operations and specialists. And it makes it easier to prioritise both investments and initiatives.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>Management can start with four questions:<\/span><\/p>\n

<ol>\n

<li class=\"isSelectedEnd\"><span>Which functions absolutely need to work for us to deliver our core service?<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>Which 5-6 scenarios would hit operations the hardest?<\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>How long can we tolerate central systems or supplier connections being unavailable?<\/span><br \/><span><\/span><\/li>\n

<li class=\"isSelectedEnd\"><span>Who owns the responsibility for testing, prioritising and following up?<\/span><\/li>\n<\/ol>\n

<p class=\"isSelectedEnd\"><span>The most important thing is not to find all the answers at once.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>The most important thing is to get started with the few scenarios that really matter. Because once they are clear, it also becomes clearer which systems, processes, suppliers and decisions are truly critical.<\/span><\/p>\n

<p><span>At Mj\u00f8lner, we help energy and utility companies translate OT risk into concrete scenarios, priorities and decision-making foundations that management, operations and specialists can act on.<\/span><\/p>","margin":"default"}}]}]}]},{"type":"section","props":{"image_position":"center-center","padding_remove_top":true,"style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"middle","width":"default"},"children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content":"

<p>When IT and OT converge, there is rarely one standard solution. Have an informal conversation with Andr\u00e9 about how you can strengthen OT security without compromising operations, uptime and safety.<\/p>","content_column_breakpoint":"m","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title":"Do you want to strengthen OT security without obstructing operations?","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h3"}},{"type":"fragment","children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"image","props":{"image_border":"rounded","image_height":"800","image_svg_color":"emphasis","image_width":"600","margin":"default"},"source":{"query":{"name":"#parent"},"props":{"image":{"filters":{"search":""},"name":"field.billede.url"}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h5"},"source":{"query":{"name":"#parent"},"props":{"title":{"filters":{"search":""},"name":"title"},"content":{"filters":{"search":""},"name":"field.titel"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"aba@mjolner.dk","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Email","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.e_mail"},"link":{"filters":{"search":"","before":"Mailto:"},"name":"field.e_mail"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"+45 23 46 04 45","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Phone","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.telefon"},"link":{"filters":{"search":"","before":"Tel:"},"name":"field.telefon"}}}}]}]}],"props":{"margin":"default"},"name":"kontaktformular EN","source":{"query":{"name":"medarbejdere.customTeam","arguments":{"terms":[],"category_operator":"IN","users":[],"users_operator":"IN","offset":0,"order":"date","order_direction":"DESC","id":15864}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"html","props":{"content":"

<div class=\"_form_41\"><\/div><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>"},"name":"HTML EN"}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest/">OT security in practice: How management works with the scenarios that can hit operations the hardest</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Agentic Coding</title>
		<link>https://mjolner.dk/en/uncategorized/agentic-coding/</link>
		
		<dc:creator><![CDATA[Pernille Fisker Jensen]]></dc:creator>
		<pubDate>Tue, 23 Jun 2026 11:14:05 +0000</pubDate>
				<category><![CDATA[Uncategorized uk]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=22660</guid>

					<description><![CDATA[<p>Agentic coding: Is your setup secure before you give the AI agent access? You have a new colleague in the office. She is tireless, fast, and extremely confident. Agentic coding can feel like having a new junior developer on the team, but she does not behave like the flesh-and-blood kind. So how do you get [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/uncategorized/agentic-coding/">Agentic Coding</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<div class="qMYqUG_convSearchResultHighlightRoot">
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0" data-testid="conversation-turn-2" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="24da6c26-79b7-4c01-9849-0a7688ac3c03" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="77" data-is-last-node="" data-is-only-node=""><strong data-start="0" data-end="77" data-is-last-node="" data-is-only-node="">Agentic coding: Is your setup secure before you give the AI agent access?</strong></p>
</div>
</div>
</div>
</div>
<div class="z-0 flex min-h-[46px] justify-start"></div>
<div class="mt-3 w-full empty:hidden">
<div class="text-center"></div>
</div>
</div>
</div>
</section>
</div>
</div>
<div aria-hidden="true" class="pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]"></div>
</h1>
<div>
<p><strong>You have a new colleague in the office. She is tireless, fast, and extremely confident. Agentic coding can feel like having a new junior developer on the team, but she does not behave like the flesh-and-blood kind. So how do you get security under control before handing your new colleague the keys to everything you can access yourself?</strong></p>
<p>There is great potential in <a href="https://mjolner.dk/indsigt/blog/fra-autocomplete-til-medudvikler-60-kollegaer-dykkede-ned-i-github-copilot/">agentic coding</a>, but it also comes with risks. Because when we give AI agents access to code, we are effectively also giving them access to a range of systems, decisions, and actions that can have consequences if the setup is not properly secured.</p>
<p>In this blog post, Lead Security Engineer <a href="https://www.linkedin.com/in/madssandersen/">Mads Schaarup Andersen </a>explains where organisations should start before AI agents become a permanent part of the development environment.</p>
</div>
<div>
<h2>Get started!</h2>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4" data-testid="conversation-turn-10" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="7c31ac56-6c38-4193-bde8-58f4273a2f37" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="274" data-is-last-node="" data-is-only-node="">This may seem like an obvious point, but a surprising number of organisations run into problems because they do not get started in time. As a leader, you can be absolutely certain that employees are already actively using agentic coding, whether you are ready for it or not.</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<blockquote>
<div class="" data-turn-id-container="00a19209-d47e-4b51-a48d-82912bda23ac" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="00a19209-d47e-4b51-a48d-82912bda23ac" data-turn-id-container="00a19209-d47e-4b51-a48d-82912bda23ac" data-testid="conversation-turn-11" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5" data-testid="conversation-turn-12" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="dc70d31c-dfe0-4db2-b491-9840822ae176" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="296" data-is-last-node="" data-is-only-node="">“It is not about painting a frightening picture, but about seizing the opportunity in the fact that you have skilled employees who are already using AI tools. As management, it is your responsibility to communicate the expectations and opportunities. Even if you do not have all the answers yet”</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<footer>
<p>                <cite>Mads emphasises.</cite></p>
</footer>
</blockquote>
<div>
<p>AI policies and threat modelling are processes that will evolve over time. If you decide to build an elaborate framework before involving your employees, you are almost certainly already behind.</p>
</div>
<blockquote>
<div class="qMYqUG_convSearchResultHighlightRoot">
<div class="" data-turn-id-container="6e02b8a3-7a56-469c-8f7d-3e926c91fd10" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="6e02b8a3-7a56-469c-8f7d-3e926c91fd10" data-turn-id-container="6e02b8a3-7a56-469c-8f7d-3e926c91fd10" data-testid="conversation-turn-19" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9" data-testid="conversation-turn-20" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="65de32e0-cfa0-4ebf-9f7e-073c226fb676" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="186" data-is-last-node="" data-is-only-node="">“It is not about achieving the highest level of maturity from day one. Ask, build, and adapt. Otherwise, you risk designing a setup that does not actually fit the developers’ workflows”</p>
</div>
</div>
</div>
</div>
<div class="z-0 flex min-h-[46px] justify-start"></div>
<div class="mt-3 w-full empty:hidden">
<div class="text-center"></div>
</div>
</div>
</div>
</section>
</div>
</div>
<div aria-hidden="true" class="pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]"></div>
<footer>
<p>                <cite>Mads states.</cite></p>
</footer>
</blockquote>
<div>
<h2>Understand the threat model</h2>
<div class="qMYqUG_convSearchResultHighlightRoot">
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12" data-testid="conversation-turn-26" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="8a0c8882-d9c7-4d0f-b30b-311c4153e206" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="296" data-is-last-node="" data-is-only-node="">With AI as a partner, we are moving into new territory. And like any explorer, you need to map the terrain you are about to explore. That is why you should start with a threat model: What needs to be protected, who or what could compromise it, and what would the consequences be if that happened?</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
</div>
<blockquote>
<div class="" data-turn-id-container="b9bc9105-33c6-423b-a58a-68abdd51d772" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="b9bc9105-33c6-423b-a58a-68abdd51d772" data-turn-id-container="b9bc9105-33c6-423b-a58a-68abdd51d772" data-testid="conversation-turn-27" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13" data-testid="conversation-turn-28" data-turn="assistant">
<div class="text-base my-auto mx-auto [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="36797ecd-c5a1-417d-973b-cdf536d4891a" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="205" data-is-last-node="" data-is-only-node="">“Before you let AI loose in your development environment, you need to understand what is involved in an agent-based coding process. Which data flows where, and where in that flow could something go wrong?”</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<footer>
<p>                <cite>says Mads.</cite></p>
</footer>
</blockquote>
<div>
<div class="" data-turn-id-container="febad228-4c83-4050-aaa3-44a3591279dc" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="febad228-4c83-4050-aaa3-44a3591279dc" data-turn-id-container="febad228-4c83-4050-aaa3-44a3591279dc" data-testid="conversation-turn-31" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15" data-testid="conversation-turn-32" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="96a650c6-c1a8-470c-8082-98a269415cd0" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="300">Start by understanding that there are many components at play when you work with agent-based coding. There is the model, the LLM, that you connect to; there are resources in the local environment on the developers’ machines; agent plugins, MCP servers, custom agents, and skills — just to name a few.</p>
<p data-start="302" data-end="411">By default, the agent may be able to access every part of the setup. But ask yourselves: is that appropriate?</p>
<p data-start="413" data-end="721" data-is-last-node="" data-is-only-node="">It is also important to think in terms of malicious manipulation. An agent is not only influenced by what the user writes directly. It can also be affected by so-called injection attacks, where malicious instructions are added to the workflow from, for example, a manipulated plugin or a compromised website.</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<div>
<h2>Upskill and involve developers</h2>
<div class="" data-turn-id-container="85aa191a-e92b-4198-b03f-f76584196de4" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="85aa191a-e92b-4198-b03f-f76584196de4" data-turn-id-container="85aa191a-e92b-4198-b03f-f76584196de4" data-testid="conversation-turn-35" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17" data-testid="conversation-turn-36" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="ca3da66f-a771-42e0-8dcc-7249776946ab" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="247">Even the best rules and security measures only work if developers understand why they exist and how to use them in their day-to-day work. That is why it is the organisation’s responsibility to equip developers to work securely with agentic coding.</p>
<p data-start="249" data-end="352" data-is-last-node="" data-is-only-node="">And it is absolutely critical to both success and security that developers are involved in the process:</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<blockquote>
<div class="" data-turn-id-container="9a9ee462-1bab-4710-b256-3bc306c65057" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="9a9ee462-1bab-4710-b256-3bc306c65057" data-turn-id-container="9a9ee462-1bab-4710-b256-3bc306c65057" data-testid="conversation-turn-37" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18" data-testid="conversation-turn-38" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="49465d95-5cca-4cdf-be7f-3581f31a1fcc" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="201">“Your employees are not going to seek out this knowledge on their own. As an organisation, you need to involve and motivate them — and, not least, listen to how developers are actually working with AI.</p>
<p data-start="203" data-end="315" data-is-last-node="" data-is-only-node="">If you do not ask, incorrect assumptions may lead you to a place where policy and practice live separate lives.”</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<footer>
<p>                <cite>Mads points out. </cite></p>
</footer>
</blockquote>
<div>
<p>This includes teaching developers to recognise risks such as prompt injection, insecure plugins, uncritical package installation, sharing secrets, and overly broad permissions. Use recognised resources such as <a href="https://owasp.org/">OWASP</a>, internal guidelines, and concrete examples from your own development environments to make security practical and relevant.</p>
</div>
<blockquote>
<p>“Give developers access to good security resources so they know how to protect both code and data when AI becomes part of the toolbox”</p>
<footer>
<p>                <cite>says Mads.</cite></p>
</footer>
</blockquote>
<div>
<div class="" data-turn-id-container="bf456e70-ae4e-4eeb-99c3-8945b1a65b22" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="bf456e70-ae4e-4eeb-99c3-8945b1a65b22" data-turn-id-container="bf456e70-ae4e-4eeb-99c3-8945b1a65b22" data-testid="conversation-turn-43" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21" data-testid="conversation-turn-44" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="78964c6a-4df6-4d4b-a60b-dcc91a77f67f" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="189" data-is-last-node="" data-is-only-node="">At the same time, developers should know when to pause and ask for approval — for example, before the agent is given access to new tools, external services, production data, or credentials.</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<div>
<h2>Establish governance and risk management</h2>
<div class="qMYqUG_convSearchResultHighlightRoot">
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23" data-testid="conversation-turn-48" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="b6bfcf17-f32e-4f62-8eaf-71d9ca23d55a" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24" data-testid="conversation-turn-50" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="0f8b9e84-9e76-4682-8371-45be27fb03ca" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="190">When AI agents are given access to your development environment, it is not enough to trust that they will behave correctly, or that each individual developer has all the risks under control.</p>
<p data-start="192" data-end="390" data-is-last-node="" data-is-only-node="">As an organisation, you need to set the framework through governance: clearly defined rules for which skills, plugins, MCP servers, and CLI tools may be used, and how they are installed and managed.</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
</div>
</div>
</div>
<div class="z-0 flex min-h-[46px] justify-start"></div>
<div class="mt-3 w-full empty:hidden">
<div class="text-center"></div>
</div>
</div>
</div>
</section>
</div>
</div>
<div aria-hidden="true" class="pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]"></div>
</div>
<blockquote>
<p>“Make sure you have clear rules and governance in place, so no one can simply install random AI plugins or connect to external services where both trade secrets and personal data could end up being leaked.”</p>
<footer>
<p>                <cite>is Mads’ advice.</cite></p>
</footer>
</blockquote>
<blockquote>
<p>“It should not be up to each individual developer to assess whether a random plugin, MCP server, or external service is secure enough.”</p>
<footer>
<p>                <cite>he adds.</cite></p>
</footer>
</blockquote>
<div>
<p>A good rule of thumb is to view the agent as any other part of your software supply chain: it must be assessed, approved, updated, and removable again if it turns out to pose a risk.</p>
</div>
<div>
<h2>Implement security tools and sandboxes</h2>
<p data-start="0" data-end="87">Governance sets the framework. Technical security measures must enforce it in practice.</p>
<p data-start="89" data-end="283" data-is-last-node="" data-is-only-node="">Use, for example, sandboxes, containers, or isolated development environments so the agent cannot freely read the entire file system, change critical files, or run commands without restrictions.</p>
</div>
<blockquote>
<p>“Use the built-in security features so AI cannot perform critical actions such as deleting production data. It is easy to overlook, but it can be costly.”</p>
<footer>
<p>                <cite>Mads emphasises.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="0" data-end="293">Security scans, agent hooks, and approval gates can help stop risky actions before they happen. This could include requiring human approval before the agent installs packages, changes CI/CD configuration, uses secrets, deletes files, pushes code, or attempts to access production environments.</p>
<p data-start="295" data-end="484" data-is-last-node="" data-is-only-node="">Security features should not simply be enabled once and then forgotten. They should be tested continuously, so you know whether they actually stop the actions they were designed to prevent.</p>
</div>
<div>
<div class="qMYqUG_convSearchResultHighlightRoot">
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36" data-testid="conversation-turn-74" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="553a0af2-3027-44b9-aac7-7636a63f4fe7" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<h2 data-start="0" data-end="57">Summary: Five security recommendations to get you started</h2>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
</div>
<div class="" data-turn-id-container="580e4ad9-d9b6-4de1-90a9-9578d40c476a" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="580e4ad9-d9b6-4de1-90a9-9578d40c476a" data-turn-id-container="580e4ad9-d9b6-4de1-90a9-9578d40c476a" data-testid="conversation-turn-75" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37" data-testid="conversation-turn-76" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="efd19e8f-1a9d-42f4-b808-3c4f86021724" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="242">Mads’ key point is that agentic coding is rapidly making its way into development environments. In many organisations, it is already in use — perhaps in yours too. That is why the work on security, governance, and risk management cannot wait. Start here:</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<ul>
<li data-start="0" data-end="148"><strong data-start="0" data-end="20">Get started now.</strong> Do not wait for the perfect framework. Set the direction, expectations, and boundaries while you learn, and adapt continuously.</li>
<li data-start="150" data-end="330"><strong data-start="150" data-end="182">Start with the threat model.</strong> Get an overview of what needs to be protected, which data flows where, which components are part of your setup, and where something could go wrong.</li>
<li data-start="332" data-end="539"><strong data-start="332" data-end="367">Upskill and involve developers.</strong> Security needs to fit the way developers actually work. That is why they should be involved from the start — as users, sparring partners, and co-creators of the framework.</li>
<li data-start="541" data-end="746"><strong data-start="541" data-end="601">Set clear boundaries for governance and risk management.</strong> It should not be up to the individual developer to assess which plugins, MCP servers, skills, CLI tools, or external services are secure enough.</li>
<li data-start="748" data-end="990"><strong data-start="748" data-end="807">Enforce the framework with technical security measures.</strong> Use sandboxes, containers, security scans, agent hooks, and approval gates so the agent cannot freely access files, credentials, production data, or critical systems without control.</li>
</ul>
<p data-start="0" data-end="339">Initially, it is the responsibility of the organisation and management to create a secure framework. Not the individual developer’s. Because agentic coding is going to play a bigger role, and the organisations that get started now will be in a stronger position than those that only react once the AI agent has already been given the keys.</p>
<p data-start="341" data-end="422" data-is-last-node="" data-is-only-node="">Mads concludes with a reminder that not everyone is starting from the same place:</p>
</div>
<blockquote>
<div class="" data-turn-id-container="68e98af2-3f61-4d76-a2ab-09c7a8198726" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)" dir="auto" data-turn-id="68e98af2-3f61-4d76-a2ab-09c7a8198726" data-turn-id-container="68e98af2-3f61-4d76-a2ab-09c7a8198726" data-testid="conversation-turn-81" data-turn="user"></section>
</div>
<div class="" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40" data-is-intersecting="true">
<section class="text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" data-turn-id="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40" data-turn-id-container="request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40" data-testid="conversation-turn-82" data-turn="assistant">
<div class="text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)">
<div data-conversation-screenshot-content="" class="[--thread-content-max-width:40rem] @w-lg/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn">
<div class="flex max-w-full flex-col gap-4 grow">
<div data-message-author-role="assistant" data-message-id="197c7d35-9916-4297-9594-657fa59b57bd" dir="auto" data-message-model-slug="gpt-5-5-thinking" class="min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1" data-turn-start-message="true" tabindex="0">
<div class="flex w-full flex-col gap-1 empty:hidden">
<div class="markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling">
<p data-start="0" data-end="288" data-is-last-node="" data-is-only-node="">“It is not enough to test on yourself or your three closest colleagues. The security measures need to work for the entire organisation in practice. Not everyone is an AI expert, and we need to be careful of blind spots. That is why it is so important to involve employees from the start.”</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<footer>
<p>                <cite>Mads concludes.</cite></p>
</footer>
</blockquote>
<p><img decoding="async" src="/wp-content/uploads/2026/06/Mads-til-blog_portraet-scaled.jpg" alt="Lead Security Engineer Mads Schaarup Andersen"></p>
<p><span id="more-22660"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-0\" data-testid=\"conversation-turn-2\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"24da6c26-79b7-4c01-9849-0a7688ac3c03\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"77\" data-is-last-node=\"\" data-is-only-node=\"\"><strong data-start=\"0\" data-end=\"77\" data-is-last-node=\"\" data-is-only-node=\"\">Agentic coding: Is your setup secure before you give the AI agent access?<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

<div class=\"z-0 flex min-h-[46px] justify-start\"><\/div>\n

<div class=\"mt-3 w-full empty:hidden\">\n

<div class=\"text-center\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n

<div aria-hidden=\"true\" class=\"pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]\"><\/div>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>You have a new colleague in the office. She is tireless, fast, and extremely confident. Agentic coding can feel like having a new junior developer on the team, but she does not behave like the flesh-and-blood kind. So how do you get security under control before handing your new colleague the keys to everything you can access yourself?<\/strong><\/p>\n

<p>There is great potential in\u00a0<a href=\"https:\/\/mjolner.dk\/indsigt\/blog\/fra-autocomplete-til-medudvikler-60-kollegaer-dykkede-ned-i-github-copilot\/\">agentic coding<\/a>, but it also comes with risks. Because when we give AI agents access to code, we are effectively also giving them access to a range of systems, decisions, and actions that can have consequences if the setup is not properly secured.<\/p>\n

<p>In this blog post, Lead Security Engineer <a href=\"https:\/\/www.linkedin.com\/in\/madssandersen\/\">Mads Schaarup Andersen <\/a>explains where organisations should start before AI agents become a permanent part of the development environment.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Get started!<\/h2>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-4\" data-testid=\"conversation-turn-10\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"7c31ac56-6c38-4193-bde8-58f4273a2f37\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"274\" data-is-last-node=\"\" data-is-only-node=\"\">This may seem like an obvious point, but a surprising number of organisations run into problems because they do not get started in time. As a leader, you can be absolutely certain that employees are already actively using agentic coding, whether you are ready for it or not.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>","margin":"default"}},{"type":"quotation","props":{"author":"Mads emphasises.","content":"

<div class=\"\" data-turn-id-container=\"00a19209-d47e-4b51-a48d-82912bda23ac\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"00a19209-d47e-4b51-a48d-82912bda23ac\" data-turn-id-container=\"00a19209-d47e-4b51-a48d-82912bda23ac\" data-testid=\"conversation-turn-11\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-5\" data-testid=\"conversation-turn-12\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"dc70d31c-dfe0-4db2-b491-9840822ae176\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"296\" data-is-last-node=\"\" data-is-only-node=\"\">\u201cIt is not about painting a frightening picture, but about seizing the opportunity in the fact that you have skilled employees who are already using AI tools. As management, it is your responsibility to communicate the expectations and opportunities. Even if you do not have all the answers yet\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>AI policies and threat modelling are processes that will evolve over time. If you decide to build an elaborate framework before involving your employees, you are almost certainly already behind.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Mads states.","content":"

<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n

<div class=\"\" data-turn-id-container=\"6e02b8a3-7a56-469c-8f7d-3e926c91fd10\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"6e02b8a3-7a56-469c-8f7d-3e926c91fd10\" data-turn-id-container=\"6e02b8a3-7a56-469c-8f7d-3e926c91fd10\" data-testid=\"conversation-turn-19\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-9\" data-testid=\"conversation-turn-20\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"65de32e0-cfa0-4ebf-9f7e-073c226fb676\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"186\" data-is-last-node=\"\" data-is-only-node=\"\">\u201cIt is not about achieving the highest level of maturity from day one. Ask, build, and adapt. Otherwise, you risk designing a setup that does not actually fit the developers\u2019 workflows\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

<div class=\"z-0 flex min-h-[46px] justify-start\"><\/div>\n

<div class=\"mt-3 w-full empty:hidden\">\n

<div class=\"text-center\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n

<div aria-hidden=\"true\" class=\"pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]\"><\/div>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Understand the threat model<\/h2>\n

<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-12\" data-testid=\"conversation-turn-26\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"8a0c8882-d9c7-4d0f-b30b-311c4153e206\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"296\" data-is-last-node=\"\" data-is-only-node=\"\">With AI as a partner, we are moving into new territory. And like any explorer, you need to map the terrain you are about to explore. That is why you should start with a threat model: What needs to be protected, who or what could compromise it, and what would the consequences be if that happened?<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>","margin":"default"}},{"type":"quotation","props":{"author":"says Mads.","content":"

<div class=\"\" data-turn-id-container=\"b9bc9105-33c6-423b-a58a-68abdd51d772\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"b9bc9105-33c6-423b-a58a-68abdd51d772\" data-turn-id-container=\"b9bc9105-33c6-423b-a58a-68abdd51d772\" data-testid=\"conversation-turn-27\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-13\" data-testid=\"conversation-turn-28\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"36797ecd-c5a1-417d-973b-cdf536d4891a\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"205\" data-is-last-node=\"\" data-is-only-node=\"\">\u201cBefore you let AI loose in your development environment, you need to understand what is involved in an agent-based coding process. Which data flows where, and where in that flow could something go wrong?\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<div class=\"\" data-turn-id-container=\"febad228-4c83-4050-aaa3-44a3591279dc\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"febad228-4c83-4050-aaa3-44a3591279dc\" data-turn-id-container=\"febad228-4c83-4050-aaa3-44a3591279dc\" data-testid=\"conversation-turn-31\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-15\" data-testid=\"conversation-turn-32\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"96a650c6-c1a8-470c-8082-98a269415cd0\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"300\">Start by understanding that there are many components at play when you work with agent-based coding. There is the model, the LLM, that you connect to; there are resources in the local environment on the developers\u2019 machines; agent plugins, MCP servers, custom agents, and skills \u2014 just to name a few.<\/p>\n

<p data-start=\"302\" data-end=\"411\">By default, the agent may be able to access every part of the setup. But ask yourselves: is that appropriate?<\/p>\n

<p data-start=\"413\" data-end=\"721\" data-is-last-node=\"\" data-is-only-node=\"\">It is also important to think in terms of malicious manipulation. An agent is not only influenced by what the user writes directly. It can also be affected by so-called injection attacks, where malicious instructions are added to the workflow from, for example, a manipulated plugin or a compromised website.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Upskill and involve developers<\/h2>\n

<div class=\"\" data-turn-id-container=\"85aa191a-e92b-4198-b03f-f76584196de4\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"85aa191a-e92b-4198-b03f-f76584196de4\" data-turn-id-container=\"85aa191a-e92b-4198-b03f-f76584196de4\" data-testid=\"conversation-turn-35\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-17\" data-testid=\"conversation-turn-36\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"ca3da66f-a771-42e0-8dcc-7249776946ab\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"247\">Even the best rules and security measures only work if developers understand why they exist and how to use them in their day-to-day work. That is why it is the organisation\u2019s responsibility to equip developers to work securely with agentic coding.<\/p>\n

<p data-start=\"249\" data-end=\"352\" data-is-last-node=\"\" data-is-only-node=\"\">And it is absolutely critical to both success and security that developers are involved in the process:<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>","margin":"default"}},{"type":"quotation","props":{"author":"Mads points out. ","content":"

<div class=\"\" data-turn-id-container=\"9a9ee462-1bab-4710-b256-3bc306c65057\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"9a9ee462-1bab-4710-b256-3bc306c65057\" data-turn-id-container=\"9a9ee462-1bab-4710-b256-3bc306c65057\" data-testid=\"conversation-turn-37\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-18\" data-testid=\"conversation-turn-38\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"49465d95-5cca-4cdf-be7f-3581f31a1fcc\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"201\">\u201cYour employees are not going to seek out this knowledge on their own. As an organisation, you need to involve and motivate them \u2014 and, not least, listen to how developers are actually working with AI.<\/p>\n

<p data-start=\"203\" data-end=\"315\" data-is-last-node=\"\" data-is-only-node=\"\">If you do not ask, incorrect assumptions may lead you to a place where policy and practice live separate lives.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>This includes teaching developers to recognise risks such as prompt injection, insecure plugins, uncritical package installation, sharing secrets, and overly broad permissions. Use recognised resources such as <a href=\"https:\/\/owasp.org\/\">OWASP<\/a>, internal guidelines, and concrete examples from your own development environments to make security practical and relevant.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Mads.","content":"

<p>\u201cGive developers access to good security resources so they know how to protect both code and data when AI becomes part of the toolbox\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<div class=\"\" data-turn-id-container=\"bf456e70-ae4e-4eeb-99c3-8945b1a65b22\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"bf456e70-ae4e-4eeb-99c3-8945b1a65b22\" data-turn-id-container=\"bf456e70-ae4e-4eeb-99c3-8945b1a65b22\" data-testid=\"conversation-turn-43\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-21\" data-testid=\"conversation-turn-44\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"78964c6a-4df6-4d4b-a60b-dcc91a77f67f\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"189\" data-is-last-node=\"\" data-is-only-node=\"\">At the same time, developers should know when to pause and ask for approval \u2014 for example, before the agent is given access to new tools, external services, production data, or credentials.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Establish governance and risk management<\/h2>\n

<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-23\" data-testid=\"conversation-turn-48\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"b6bfcf17-f32e-4f62-8eaf-71d9ca23d55a\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-24\" data-testid=\"conversation-turn-50\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"0f8b9e84-9e76-4682-8371-45be27fb03ca\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"190\">When AI agents are given access to your development environment, it is not enough to trust that they will behave correctly, or that each individual developer has all the risks under control.<\/p>\n

<p data-start=\"192\" data-end=\"390\" data-is-last-node=\"\" data-is-only-node=\"\">As an organisation, you need to set the framework through governance: clearly defined rules for which skills, plugins, MCP servers, and CLI tools may be used, and how they are installed and managed.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

<div class=\"z-0 flex min-h-[46px] justify-start\"><\/div>\n

<div class=\"mt-3 w-full empty:hidden\">\n

<div class=\"text-center\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n

<div aria-hidden=\"true\" class=\"pointer-events-none -mt-px h-px translate-y-[calc(var(--scroll-root-safe-area-inset-bottom)-14*var(--spacing))]\"><\/div>","margin":"default"}},{"type":"quotation","props":{"author":"is Mads\u2019 advice.","content":"

<p>\u201cMake sure you have clear rules and governance in place, so no one can simply install random AI plugins or connect to external services where both trade secrets and personal data could end up being leaked.\u201d<\/p>"}},{"type":"quotation","props":{"author":"he adds.","content":"

<p>\u201cIt should not be up to each individual developer to assess whether a random plugin, MCP server, or external service is secure enough.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>A good rule of thumb is to view the agent as any other part of your software supply chain: it must be assessed, approved, updated, and removable again if it turns out to pose a risk.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Implement security tools and sandboxes<\/h2>\n

<p data-start=\"0\" data-end=\"87\">Governance sets the framework. Technical security measures must enforce it in practice.<\/p>\n

<p data-start=\"89\" data-end=\"283\" data-is-last-node=\"\" data-is-only-node=\"\">Use, for example, sandboxes, containers, or isolated development environments so the agent cannot freely read the entire file system, change critical files, or run commands without restrictions.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Mads emphasises.","content":"

<p>\u201cUse the built-in security features so AI cannot perform critical actions such as deleting production data. It is easy to overlook, but it can be costly.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"0\" data-end=\"293\">Security scans, agent hooks, and approval gates can help stop risky actions before they happen. This could include requiring human approval before the agent installs packages, changes CI\/CD configuration, uses secrets, deletes files, pushes code, or attempts to access production environments.<\/p>\n

<p data-start=\"295\" data-end=\"484\" data-is-last-node=\"\" data-is-only-node=\"\">Security features should not simply be enabled once and then forgotten. They should be tested continuously, so you know whether they actually stop the actions they were designed to prevent.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<div class=\"qMYqUG_convSearchResultHighlightRoot\">\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-36\" data-testid=\"conversation-turn-74\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"553a0af2-3027-44b9-aac7-7636a63f4fe7\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<h2 data-start=\"0\" data-end=\"57\">Summary: Five security recommendations to get you started<\/h2>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"580e4ad9-d9b6-4de1-90a9-9578d40c476a\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"580e4ad9-d9b6-4de1-90a9-9578d40c476a\" data-turn-id-container=\"580e4ad9-d9b6-4de1-90a9-9578d40c476a\" data-testid=\"conversation-turn-75\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-37\" data-testid=\"conversation-turn-76\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"efd19e8f-1a9d-42f4-b808-3c4f86021724\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"242\">Mads\u2019 key point is that agentic coding is rapidly making its way into development environments. In many organisations, it is already in use \u2014 perhaps in yours too. That is why the work on security, governance, and risk management cannot wait. Start here:<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>\n

<ul>\n

<li data-start=\"0\" data-end=\"148\"><strong data-start=\"0\" data-end=\"20\">Get started now.<\/strong> Do not wait for the perfect framework. Set the direction, expectations, and boundaries while you learn, and adapt continuously.<\/li>\n

<li data-start=\"150\" data-end=\"330\"><strong data-start=\"150\" data-end=\"182\">Start with the threat model.<\/strong> Get an overview of what needs to be protected, which data flows where, which components are part of your setup, and where something could go wrong.<\/li>\n

<li data-start=\"332\" data-end=\"539\"><strong data-start=\"332\" data-end=\"367\">Upskill and involve developers.<\/strong> Security needs to fit the way developers actually work. That is why they should be involved from the start \u2014 as users, sparring partners, and co-creators of the framework.<\/li>\n

<li data-start=\"541\" data-end=\"746\"><strong data-start=\"541\" data-end=\"601\">Set clear boundaries for governance and risk management.<\/strong> It should not be up to the individual developer to assess which plugins, MCP servers, skills, CLI tools, or external services are secure enough.<\/li>\n

<li data-start=\"748\" data-end=\"990\"><strong data-start=\"748\" data-end=\"807\">Enforce the framework with technical security measures.<\/strong> Use sandboxes, containers, security scans, agent hooks, and approval gates so the agent cannot freely access files, credentials, production data, or critical systems without control.<\/li>\n<\/ul>\n

<p data-start=\"0\" data-end=\"339\">Initially, it is the responsibility of the organisation and management to create a secure framework. Not the individual developer\u2019s. Because agentic coding is going to play a bigger role, and the organisations that get started now will be in a stronger position than those that only react once the AI agent has already been given the keys.<\/p>\n

<p data-start=\"341\" data-end=\"422\" data-is-last-node=\"\" data-is-only-node=\"\">Mads concludes with a reminder that not everyone is starting from the same place:<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Mads concludes.","content":"

<div class=\"\" data-turn-id-container=\"68e98af2-3f61-4d76-a2ab-09c7a8198726\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-(--sticky-padding-top)\" dir=\"auto\" data-turn-id=\"68e98af2-3f61-4d76-a2ab-09c7a8198726\" data-turn-id-container=\"68e98af2-3f61-4d76-a2ab-09c7a8198726\" data-testid=\"conversation-turn-81\" data-turn=\"user\"><\/section>\n<\/div>\n

<div class=\"\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40\" data-is-intersecting=\"true\">\n

<section class=\"text-token-text-primary w-full focus:outline-none has-data-writing-block:pointer-events-none [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40\" data-turn-id-container=\"request-WEB:1ee432e2-e2d3-42e8-a0fa-190dc8b3c15c-40\" data-testid=\"conversation-turn-82\" data-turn=\"assistant\">\n

<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] @w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n

<div data-conversation-screenshot-content=\"\" class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n

<div class=\"flex max-w-full flex-col gap-4 grow\">\n

<div data-message-author-role=\"assistant\" data-message-id=\"197c7d35-9916-4297-9594-657fa59b57bd\" dir=\"auto\" data-message-model-slug=\"gpt-5-5-thinking\" class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" data-turn-start-message=\"true\" tabindex=\"0\">\n

<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n

<div class=\"markdown prose dark:prose-invert wrap-break-word w-full light markdown-new-styling\">\n

<p data-start=\"0\" data-end=\"288\" data-is-last-node=\"\" data-is-only-node=\"\">\u201cIt is not enough to test on yourself or your three closest colleagues. The security measures need to work for the entire organisation in practice. Not everyone is an AI expert, and we need to be careful of blind spots. That is why it is so important to involve employees from the start.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<\/div>"}},{"type":"image","props":{"image":"wp-content\/uploads\/2026\/06\/Mads-til-blog_portraet-scaled.jpg","image_alt":"Lead Security Engineer Mads Schaarup Andersen","image_svg_color":"emphasis","margin":"default"}}]}]}],"name":"Agentic coding "}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/uncategorized/agentic-coding/">Agentic Coding</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Flexible electricity consumption could become crucial to the green transition</title>
		<link>https://mjolner.dk/en/blog/flexible-electricity-consumption-could-become-crucial-to-the-green-transition/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Wed, 13 May 2026 09:56:09 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Energy and Utility]]></category>
		<category><![CDATA[Green Transition]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=22381</guid>

					<description><![CDATA[<p>Flexible electricity consumption could become crucial to the green transition Flexible electricity consumption can deliver significant benefits to society when part of the consumption is moved away from the times when the electricity grid is under the greatest pressure. This is the main conclusion of two new reports that highlight why demand-side flexibility can play [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/flexible-electricity-consumption-could-become-crucial-to-the-green-transition/">Flexible electricity consumption could become crucial to the green transition</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<p>Flexible electricity consumption could become crucial to the green transition</p>
</h1>
<div>
<p><strong>Flexible electricity consumption can deliver significant benefits to society when part of the consumption is moved away from the times when the electricity grid is under the greatest pressure. This is the main conclusion of two new reports that highlight why demand-side flexibility can play a crucial role in the green transition.</strong></p>
<p class="isSelectedEnd"><span>One report from <a href="https://cipfonden.dk/en/">CIP Foundation</a> examines the structural framework, potential and socio-economic benefits of flexible electricity consumption. Among other things, the report points out that an average household can save up to DKK 11,000 per year by moving its consumption to the times when electricity prices are lowest.</span></p>
<p><span>Together with the <a href="https://alexandra.dk/">Alexandra Institute</a>, Mjølner has contributed to the second report, ‘A greener and more flexible electricity consumption’, which takes a closer look at the digital foundation needed to make flexibility possible in practice. Here, we have analysed the digital solutions and technical prerequisites that can activate demand-side flexibility across electric vehicles, solar panels, home batteries and heat pumps.</span></p>
</div>
<blockquote>
<p>”Our analysis shows that data is not the challenge for the actors involved. Instead, a fragmented system landscape and lack of integrations create a barrier,”</p>
<footer>
<p>                <cite>says Jakob Hviid, Senior Solution Architect within Utility and Energy Services at Mjølner.</cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>Providers of flexibility services are already succeeding today in controlling many different flexible devices and are using different technical architectures to handle data and technology challenges. However, the analysis shows that the different flexibility solutions optimise for different parameters.</span></p>
<p class="isSelectedEnd"><span>The control logic of the individual devices is not designed to be coordinated across systems. In short, this creates a home full of devices that each optimise according to their own goals, but not necessarily according to price or the electricity grid’s need for flexibility. When the devices are not coordinated, they may even end up working against each other.</span></p>
<p><span>So what can be done?</span></p>
</div>
<div>
<p class="isSelectedEnd"><span>8 recommendations for robust scaling of demand-side flexibility — in brief</span></p>
<p class="isSelectedEnd"><span>The analysis shows that there is great potential in making it easier to connect smaller, flexible devices to the energy system — for the benefit of both consumers and the electricity grid.</span></p>
<p class="isSelectedEnd"><span>But technical integration cannot stand alone. The recommendations should also be seen in light of three important considerations: digital sovereignty, cybersecurity and the risk of technological obsolescence.</span></p>
<p><span>A number of sound principles for technology development can therefore create the foundation for the more technical recommendations:</span></p>
<ol>
<li>
<p class="isSelectedEnd"><strong>Avoid becoming dependent on individual suppliers</strong></p>
<p><span>Heat pumps, batteries and electric vehicles often depend on manufacturers’ own cloud solutions and closed control systems. This can create dependency on individual suppliers and make solutions vulnerable if the technology, service or supplier changes. The market should therefore support multiple suppliers, open solutions and a real opportunity to switch suppliers.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Prioritise European and open solutions where possible</strong></p>
<p><span>European actors and open source solutions can help strengthen digital sovereignty and reduce dependency on individual foreign technology suppliers. However, this requires that the solutions can genuinely be operated and further developed independently &#8211; and do not simply resell closed services from others.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Create better opportunities for local control and disconnection</strong></p>
<p><span>Devices should, as far as possible, be able to function without a constant connection to the manufacturer’s cloud or remote control. Open APIs, local control options and documented integration interfaces make it easier to retain control, even if a cloud service changes, closes or is no longer available.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Create greater transparency around technology dependencies</strong></p>
<p><span>Many consumers, municipalities and other professional actors do not necessarily have a full overview of the dependencies and cyber risks that come with a solution. Independent audits and clear documentation can therefore make it easier to choose robust solutions and avoid hidden dependencies.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Think beyond the next software update</strong></p>
<p><span>Many flexible devices have a lifespan of 10–20 years, while software, cloud APIs and communication standards can change much faster. Solutions must therefore be built so they can be updated, maintained and integrated with new systems over time.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Make it easier to connect solutions</strong></p>
<p><span>If demand-side flexibility from smaller devices is to be scaled, more common and standardised integration protocols are needed. This will make it easier for suppliers to develop solutions that work across different brands and types of devices.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Build in security and robustness from the beginning</strong></p>
<p><span>When more smaller devices are connected and can be controlled flexibly, cybersecurity becomes even more important. There should therefore be clear requirements for access control, data protection, secure updates, network separation and documented system robustness.</span></p>
</li>
<li>
<p class="isSelectedEnd"><strong>Actively use European standards and initiatives</strong></p>
<p><span>European initiatives, common standards, data formats and protocols can help create more open and interoperable solutions. The more actors use them, the greater value they create for the market as a whole.</span></p>
</li>
</ol>
</div>
<div>
<h2 class="isSelectedEnd"><span>The Danish electricity grid is not an island</span></h2>
<p class="isSelectedEnd"><span>When Denmark strengthens demand-side flexibility, we should look beyond our own borders. Many of the technical frameworks and market principles needed to make flexible devices work together with the energy system are already being developed internationally &#8211; not least in the EU. It is therefore important that Danish solutions are built to fit into common European tracks, rather than ending up as isolated systems that later need to be rebuilt.</span></p>
<p class="isSelectedEnd"><span>This places demands on the way we design digital services. They must be adjustable and capable of further development as legislation, standards and technologies change. Otherwise, we risk locking ourselves into solutions that quickly become expensive to maintain or difficult to connect with the rest of the market.</span></p>
<p><span>At the same time, the analysis points out that the next step is not primarily about more data. It is more about better common rules of play for how devices, control systems, flexibility service providers and the energy system can communicate. Here, standardisation, interoperability and open integration options will be crucial.</span></p>
</div>
<blockquote>
<p>“It has been rewarding to work on our part of the report because it brings together several tracks that are often discussed separately: regulation, standards, data and local activation. When you look at them together, it becomes clearer both what is already in place and where the next choices lie. The report also points to several possible directions going forward, including how dynamic price signals can play a role,”</p>
<footer>
<p>                <cite>says Jakob Hviid.</cite></p>
</footer>
</blockquote>
<div>
<p>The small electrical devices we have in our homes may end up playing a major role in the electricity grid of the future. But this requires the solutions to be developed from the outset with security, digital control and long lifespan in mind.</p>
</div>
<div>
<h2 class="isSelectedEnd"><span>Read more in the two reports (only available in Danish)</span></h2>
<p class="isSelectedEnd"><a href="https://cipfonden.dk/wp-content/uploads/2026/04/Forbrugsfleksibilitet-som-fundament-for-den-groenne-omstilling-2026.pdf"><strong>Demand-side flexibility as a foundation for the green transition</strong></a></p>
<p class="isSelectedEnd"><span>CIP Foundation’s report presents insights and recommendations from a comprehensive analysis project with the purpose of describing the opportunities and barriers to activating demand-side flexibility all the way out in residential neighbourhoods. The report includes 10 recommendations for promoting demand-side flexibility in the Danish electricity grid. Read the report <a href="https://cipfonden.dk/wp-content/uploads/2026/05/Dataanalyse_CIP_April2026_final.pdf">here</a>.</span></p>
<p><a href="https://cipfonden.dk/wp-content/uploads/2026/04/Forbrugsfleksibilitet-som-fundament-for-den-groenne-omstilling-2026.pdf"><strong>A greener and more flexible electricity consumption</strong></a></p>
<p>In collaboration with the Alexandra Institute, Mjølner Informatics has analysed the digital solutions that can activate demand-side flexibility across electric vehicles, solar panels, home batteries and heat pumps. Digital solutions already exist, but the landscape is fragmented, and the full potential is far from being realised today. The report contains 8 general recommendations for promoting flexibility, ensuring digital sovereignty and cybersecurity, and avoiding technological obsolescence. In addition, the report includes 7 technical recommendations that point to concrete initiatives for promoting demand-side flexibility in practice. Read the report <a href="https://cipfonden.dk/wp-content/uploads/2026/05/Dataanalyse_CIP_April2026_final.pdf">here</a>.</p>
</div>
<div>
<h3>Let’s talk about digital transformation</h3>
<div>
<p>We help companies in the energy and utility sector develop digital solutions that strengthen operations, monitoring, integrations and market processes — and scale in step with the green transition.</p>
</div>
</div>
<div>
<h3>Email</h3>
</div>
<div>
<h3>Phone</h3>
</div>
<div>
<div class="_form_41"></div>
<p><script src="https://mjolnerinformatics.activehosted.com/f/embed.php?id=41" charset="utf-8"></script>
</div>
<p><span id="more-22381"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<p>Flexible electricity consumption could become crucial to the green transition<\/p>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>Flexible electricity consumption can deliver significant benefits to society when part of the consumption is moved away from the times when the electricity grid is under the greatest pressure. This is the main conclusion of two new reports that highlight why demand-side flexibility can play a crucial role in the green transition.<\/strong><\/p>\n

<p class=\"isSelectedEnd\"><span>One report from <a href=\"https:\/\/cipfonden.dk\/en\/\">CIP Foundation<\/a> examines the structural framework, potential and socio-economic benefits of flexible electricity consumption. Among other things, the report points out that an average household can save up to DKK 11,000 per year by moving its consumption to the times when electricity prices are lowest.<\/span><\/p>\n

<p><span>Together with the <a href=\"https:\/\/alexandra.dk\/\">Alexandra Institute<\/a>, Mj\u00f8lner has contributed to the second report, \u2018A greener and more flexible electricity consumption\u2019, which takes a closer look at the digital foundation needed to make flexibility possible in practice. Here, we have analysed the digital solutions and technical prerequisites that can activate demand-side flexibility across electric vehicles, solar panels, home batteries and heat pumps.<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Jakob Hviid, Senior Solution Architect within Utility and Energy Services at Mj\u00f8lner.","content":"

<p>\u201dOur analysis shows that data is not the challenge for the actors involved. Instead, a fragmented system landscape and lack of integrations create a barrier,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>Providers of flexibility services are already succeeding today in controlling many different flexible devices and are using different technical architectures to handle data and technology challenges. However, the analysis shows that the different flexibility solutions optimise for different parameters.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>The control logic of the individual devices is not designed to be coordinated across systems. In short, this creates a home full of devices that each optimise according to their own goals, but not necessarily according to price or the electricity grid\u2019s need for flexibility. When the devices are not coordinated, they may even end up working against each other.<\/span><\/p>\n

<p><span>So what can be done?<\/span><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>8 recommendations for robust scaling of demand-side flexibility \u2014 in brief<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>The analysis shows that there is great potential in making it easier to connect smaller, flexible devices to the energy system \u2014 for the benefit of both consumers and the electricity grid.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>But technical integration cannot stand alone. The recommendations should also be seen in light of three important considerations: digital sovereignty, cybersecurity and the risk of technological obsolescence.<\/span><\/p>\n

<p><span>A number of sound principles for technology development can therefore create the foundation for the more technical recommendations:<\/span><\/p>\n

<ol>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Avoid becoming dependent on individual suppliers<\/strong><\/p>\n

<p><span>Heat pumps, batteries and electric vehicles often depend on manufacturers\u2019 own cloud solutions and closed control systems. This can create dependency on individual suppliers and make solutions vulnerable if the technology, service or supplier changes. The market should therefore support multiple suppliers, open solutions and a real opportunity to switch suppliers.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Prioritise European and open solutions where possible<\/strong><\/p>\n

<p><span>European actors and open source solutions can help strengthen digital sovereignty and reduce dependency on individual foreign technology suppliers. However, this requires that the solutions can genuinely be operated and further developed independently - and do not simply resell closed services from others.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Create better opportunities for local control and disconnection<\/strong><\/p>\n

<p><span>Devices should, as far as possible, be able to function without a constant connection to the manufacturer\u2019s cloud or remote control. Open APIs, local control options and documented integration interfaces make it easier to retain control, even if a cloud service changes, closes or is no longer available.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Create greater transparency around technology dependencies<\/strong><\/p>\n

<p><span>Many consumers, municipalities and other professional actors do not necessarily have a full overview of the dependencies and cyber risks that come with a solution. Independent audits and clear documentation can therefore make it easier to choose robust solutions and avoid hidden dependencies.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Think beyond the next software update<\/strong><\/p>\n

<p><span>Many flexible devices have a lifespan of 10\u201320 years, while software, cloud APIs and communication standards can change much faster. Solutions must therefore be built so they can be updated, maintained and integrated with new systems over time.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Make it easier to connect solutions<\/strong><\/p>\n

<p><span>If demand-side flexibility from smaller devices is to be scaled, more common and standardised integration protocols are needed. This will make it easier for suppliers to develop solutions that work across different brands and types of devices.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Build in security and robustness from the beginning<\/strong><\/p>\n

<p><span>When more smaller devices are connected and can be controlled flexibly, cybersecurity becomes even more important. There should therefore be clear requirements for access control, data protection, secure updates, network separation and documented system robustness.<\/span><\/p>\n<\/li>\n

<li>\n

<p class=\"isSelectedEnd\"><strong>Actively use European standards and initiatives<\/strong><\/p>\n

<p><span>European initiatives, common standards, data formats and protocols can help create more open and interoperable solutions. The more actors use them, the greater value they create for the market as a whole.<\/span><\/p>\n<\/li>\n<\/ol>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 class=\"isSelectedEnd\"><span>The Danish electricity grid is not an island<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>When Denmark strengthens demand-side flexibility, we should look beyond our own borders. Many of the technical frameworks and market principles needed to make flexible devices work together with the energy system are already being developed internationally - not least in the EU. It is therefore important that Danish solutions are built to fit into common European tracks, rather than ending up as isolated systems that later need to be rebuilt.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>This places demands on the way we design digital services. They must be adjustable and capable of further development as legislation, standards and technologies change. Otherwise, we risk locking ourselves into solutions that quickly become expensive to maintain or difficult to connect with the rest of the market.<\/span><\/p>\n

<p><span>At the same time, the analysis points out that the next step is not primarily about more data. It is more about better common rules of play for how devices, control systems, flexibility service providers and the energy system can communicate. Here, standardisation, interoperability and open integration options will be crucial.<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Jakob Hviid.","content":"

<p>\u201cIt has been rewarding to work on our part of the report because it brings together several tracks that are often discussed separately: regulation, standards, data and local activation. When you look at them together, it becomes clearer both what is already in place and where the next choices lie. The report also points to several possible directions going forward, including how dynamic price signals can play a role,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>The small electrical devices we have in our homes may end up playing a major role in the electricity grid of the future. But this requires the solutions to be developed from the outset with security, digital control and long lifespan in mind.<\/p>","margin":"default"}}]}]}]},{"type":"section","props":{"image_position":"center-center","style":"primary","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"middle","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 class=\"isSelectedEnd\"><span>Read more in the two reports (only available in Danish)<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><a href=\"https:\/\/cipfonden.dk\/wp-content\/uploads\/2026\/04\/Forbrugsfleksibilitet-som-fundament-for-den-groenne-omstilling-2026.pdf\"><strong>Demand-side flexibility as a foundation for the green transition<\/strong><\/a><\/p>\n

<p class=\"isSelectedEnd\"><span>CIP Foundation\u2019s report presents insights and recommendations from a comprehensive analysis project with the purpose of describing the opportunities and barriers to activating demand-side flexibility all the way out in residential neighbourhoods. The report includes 10 recommendations for promoting demand-side flexibility in the Danish electricity grid. Read the report <a href=\"https:\/\/cipfonden.dk\/wp-content\/uploads\/2026\/05\/Dataanalyse_CIP_April2026_final.pdf\">here<\/a>.<\/span><\/p>\n

<p><a href=\"https:\/\/cipfonden.dk\/wp-content\/uploads\/2026\/04\/Forbrugsfleksibilitet-som-fundament-for-den-groenne-omstilling-2026.pdf\"><strong>A greener and more flexible electricity consumption<\/strong><\/a><\/p>\n

<p>In collaboration with the Alexandra Institute, Mj\u00f8lner Informatics has analysed the digital solutions that can activate demand-side flexibility across electric vehicles, solar panels, home batteries and heat pumps. Digital solutions already exist, but the landscape is fragmented, and the full potential is far from being realised today. The report contains 8 general recommendations for promoting flexibility, ensuring digital sovereignty and cybersecurity, and avoiding technological obsolescence. In addition, the report includes 7 technical recommendations that point to concrete initiatives for promoting demand-side flexibility in practice. Read the report <a href=\"https:\/\/cipfonden.dk\/wp-content\/uploads\/2026\/05\/Dataanalyse_CIP_April2026_final.pdf\">here<\/a>.<\/p>","margin":"default"}}]}]}]},{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"middle","width":"default"},"children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content":"

<p>We help companies in the energy and utility sector develop digital solutions that strengthen operations, monitoring, integrations and market processes \u2014 and scale in step with the green transition.<\/p>","content_column_breakpoint":"m","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title":"Let\u2019s talk about digital transformation","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h3"}},{"type":"fragment","children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"image","props":{"image_border":"rounded","image_height":"800","image_svg_color":"emphasis","image_width":"600","margin":"default"},"source":{"query":{"name":"#parent"},"props":{"image":{"filters":{"search":""},"name":"field.billede.url"}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h5"},"source":{"query":{"name":"#parent"},"props":{"title":{"filters":{"search":""},"name":"title"},"content":{"filters":{"search":""},"name":"field.titel"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","panel_link":true,"title":"Email","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.e_mail"},"link":{"filters":{"search":"","before":"Mailto:"},"name":"field.e_mail"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","panel_link":true,"title":"Phone","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.telefon"},"link":{"filters":{"search":"","before":"Tel:"},"name":"field.telefon"}}}}]}]}],"props":{"margin":"default"},"name":"kontaktformular EN","source":{"query":{"name":"medarbejdere.customTeam","arguments":{"terms":[],"category_operator":"IN","users":[],"users_operator":"IN","offset":0,"order":"date","order_direction":"DESC","id":12493}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"html","props":{"content":"

<div class=\"_form_41\"><\/div><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>"},"name":"HTML EN"}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/flexible-electricity-consumption-could-become-crucial-to-the-green-transition/">Flexible electricity consumption could become crucial to the green transition</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>When IT and OT meet: 3 classic mistakes management should avoid</title>
		<link>https://mjolner.dk/en/blog/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Tue, 12 May 2026 07:25:48 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Energy and Utility]]></category>
		<category><![CDATA[IT security]]></category>
		<category><![CDATA[IT/OT]]></category>
		<category><![CDATA[Operational Technology]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=22331</guid>

					<description><![CDATA[<p>When IT and OT meet: 3 classic mistakes management should avoid Many energy and utility companies have significantly strengthened their work with cybersecurity in recent years. But as data, integrations and digital tools move closer to physical operations, a new management challenge emerges: How do you create security when IT and OT systems can no [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid/">When IT and OT meet: 3 classic mistakes management should avoid</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<p>When IT and OT meet: 3 classic mistakes management should avoid</p>
</h1>
<div>
<p class="isSelectedEnd"><span>Many energy and utility companies have significantly strengthened their work with cybersecurity in recent years. But as data, integrations and digital tools move closer to physical operations, a new management challenge emerges:</span></p>
<p><strong>How do you create security when IT and OT systems can no longer be considered separately?</strong></p>
</div>
<div>
<p class="isSelectedEnd"><span>This question is becoming increasingly important in the energy and utility sector, where digital solutions are becoming an integral part of critical operations. And as the dependencies between IT and OT grow and become increasingly important to critical operations, it becomes clear that classic IT measures do not always work as intended in OT environments.</span></p>
<p class="isSelectedEnd"><span>On the contrary, security measures that make good sense in administrative systems can create new problems when transferred directly into production and operations.</span></p>
<p><span>The perspectives in this post are based on experience and recommendations from Mjølner’s domain experts within the energy and utility sector, <a href="https://www.linkedin.com/in/jakobhviid/">Jakob Hviid</a> and <a href="https://www.linkedin.com/in/andr%C3%A9-bryde-alnor-664ba615/">André Bryde Alnor</a>, as well as our partner <a href="https://www.linkedin.com/in/jhartig/">Jørgen Hartig</a> from <a href="https://securiot.dk/frontpage/">SecuriOT</a>.</span></p>
<p class="isSelectedEnd"><span>In a previous post, we gathered 5 concrete recommendations for management on OT security. You can read it <a href="https://mjolner.dk/en/blog/0t-security-5-tips-for-management/">here</a>.</span></p>
<p><span>In this post, we focus on 3 classic mistakes management should avoid when IT and OT meet.</span></p>
</div>
<div>
</div>
<div>
<h2><strong>1. Treating OT like ordinary IT security</strong></h2>
<p class="isSelectedEnd"><span>The first mistake is to assume that OT can be secured using the same toolbox as IT.</span></p>
<p class="isSelectedEnd"><span>At first glance, that seems logical. If something is cyber-related, IT security must be the natural answer. But there is a crucial difference: in IT, security is typically about protecting data, users and systems. In OT, security is largely about keeping operations running, ensuring uptime and preventing errors or attacks from having physical consequences.</span></p>
<p><span>OT security is therefore not only a question of protecting against malware or unauthorised access. It is also about ensuring that the company can continue operating when something goes wrong:</span></p>
</div>
<blockquote>
<p>“The overriding focus areas are uptime and safety, meaning the safety of our employees. Uptime can be affected by many things, and malware can of course be one of them. But handling physical hardware failures in the supply chain, access to backup and contingency plans are major focus areas in OT. That is why the starting point for OT security is different,”</p>
<footer>
<p>                <cite>explains Jørgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.</cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>This is a crucial difference. While IT security often starts with access, data and system protection, OT security largely starts with the ability of operations to continue &#8211; even when something fails.</span></p>
<p><span>Jakob Hviid, Senior Solution Architect at Mjølner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or rapidly changing systems, the premise is different in OT:</span></p>
</div>
<blockquote>
<p>“In the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.”</p>
</blockquote>
<div>
<p>Jørgen points out that classic IT requirements can create new risks if they are transferred directly to OT. He mentions an example from a company where a strict password policy was also applied on the production line, requiring operators working in three-shift rotation to log in with long passwords on an HMI interface. In an administrative IT context, that may seem sensible. But in an operational situation where fast action is required, it can have the opposite effect:</p>
</div>
<blockquote>
<p>“The operator controlling this tank may not be able to remember their 13-character password in a critical situation. That could mean the tank explodes. It simply does not make sense.”</p>
</blockquote>
<div>
<p class="isSelectedEnd"><span>Jørgen’s point is simple: A strong password requirement may be sensible in an administrative system, but it can create a new risk in a critical operational situation where an operator needs to react quickly. When a security control is designed based on IT logic alone, it may come into conflict with the reality of OT.</span></p>
<p class="isSelectedEnd"><span>This does not mean that classic IT controls are wrong. But it does mean that they cannot be copied directly into OT without being assessed in the right context.</span></p>
<p><span>For management, the lesson is clear: Security in OT must be assessed based on its consequences for operations, uptime and physical safety &#8211; not only based on whether the control looks right on paper.</span></p>
</div>
<div>
</div>
<div>
<h2><strong>2. Underestimating how integration between IT and OT changes the risk landscape</strong></h2>
<p class="isSelectedEnd"><span>The second mistake is to see integration between IT and OT systems as a pure gain.</span></p>
<p class="isSelectedEnd"><span>In practice, integration offers significant benefits. Data from plants and operations can be used for analysis, planning, troubleshooting, decision support and optimisation. It is an important part of the sector’s digital development.</span></p>
<p><span>André Bryde Alnor, Energy Solution Strategist at Mjølner, highlights that more and more digital solutions today are built on operational data:</span></p>
</div>
<blockquote>
<p>”There are more and more decision-support tools being built for people working in control centres, owning a fleet of assets or maintaining facilities &#8211; and they are deeply dependent on data from OT environments.”</p>
</blockquote>
<div>
<p class="isSelectedEnd"><span>This creates major opportunities. But it also creates new dependencies.</span></p>
<p class="isSelectedEnd"><span>When more systems, suppliers and business-critical processes are connected, the risk landscape becomes more complex. A decision about digitalisation is therefore not only a technical decision. It is also a management decision about risk, responsibility and resilience.</span></p>
<p><span>For André, the central question is therefore how companies can realise the benefits of modern architecture and better decision support without weakening security:</span></p>
</div>
<blockquote>
<p>”How do you move towards a more modern architecture, and how can you create decision support with modern tools &#8211; without compromising security?”</p>
</blockquote>
<div>
<p>In other words, digitalisation should not be stopped. But it must be carried out with an understanding of the new dependencies it creates.</p>
</div>
<blockquote>
<p>”When IT and OT become more closely connected, some of the scenarios that were previously less likely suddenly become more realistic,”</p>
<footer>
<p>                <cite>André emphasises. </cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>This applies, for example, to supplier access, remote support, data exchange and other connections established to support efficient operations.</span></p>
<p class="isSelectedEnd"><span>This is an important point for management. Many of the solutions that create value in day-to-day operations can also open up new vulnerabilities.</span></p>
<p class="isSelectedEnd"><span>Jørgen points, for example, to how external supplier connections often arise for entirely legitimate reasons: faster support, less downtime and more stable operations. The problem is not the intention. The problem is that the solution can also create a new path into the OT environment.</span></p>
<p><span>That is why management should not only ask what digital opportunities the integration creates. They should also ask:</span></p>
<ul>
<li>Where do IT and OT meet in our organisation</li>
<li>Which connections and dependencies do we have?</li>
<li>Which practical shortcuts in operations may become potential attack surfaces?</li>
<li>What do we do if an important connection, supplier or solution suddenly stops working?</li>
</ul>
</div>
<div>
</div>
<div>
<h2><strong>3. Placing responsibility in one silo</strong></h2>
<p class="isSelectedEnd"><span>The third mistake is organisational.</span></p>
<p class="isSelectedEnd"><span>As OT security receives more attention, a natural question arises: Who is responsible?</span></p>
<p class="isSelectedEnd"><span>And here, many organisations see the same tendency. Responsibility is placed in one function &#8211; often where the word “security” already exists. But if OT security is placed too narrowly, the company risks assigning the task to someone who only understands one half of the problem.</span></p>
<p><span>André Alnor puts it very directly:</span></p>
</div>
<blockquote>
<p>“If you place responsibility with someone who does not understand the task, you have a major problem.”</p>
</blockquote>
<div>
<p>That is precisely the challenge at the intersection of IT and OT. A classic IT security function may be strong in cyber disciplines, access control and network protection &#8211; but lack the necessary understanding of operations, contingency planning and physical infrastructure. Conversely, an operations function may have a strong focus on uptime and continuity, but not necessarily be equipped to handle the cyber threats that follow from digitalisation and integration.</p>
</div>
<blockquote>
<p>“The most important thing is to assign responsibility. Someone needs to have the mandate to drive OT security, bring the right people together and identify the people who need to be involved in developing an OT security programme that is embedded in the organisation’s processes and becomes an active part of workflows in OT,”</p>
<footer>
<p>                <cite>Jørgen emphasises.</cite></p>
</footer>
</blockquote>
<div>
<p class="isSelectedEnd"><span>The “bridge” between IT and OT is not something you can simply take off the shelf. It has to be built organisationally.</span></p>
<p class="isSelectedEnd"><span>For management, this means that OT security should not be reduced to either a purely IT matter or a purely operational issue. It requires a structure where someone has the mandate to bring the perspectives together, coordinate the effort and raise the right risks to management.</span></p>
<p class="isSelectedEnd"><span>But responsibility must not become a silo. It must create coherence between the functions that each hold part of the problem: management, IT, operations, contingency planning, risk management and supplier management.</span></p>
<h2 class="isSelectedEnd"><span>What does this mean for management?</span></h2>
<p class="isSelectedEnd"><span>When IT and OT meet, it is not enough to ask whether security is strong enough. Management must also ask whether security has been thought through in the right way.</span></p>
<p><span>Among other things, this means:</span></p>
<ul>
<li>OT security must be assessed based on the reality of operations</li>
<li>Integration between IT and OT must be seen as both a benefit and a new risk surface</li>
<li>Responsibility must be anchored in a way that builds bridges between disciplines rather than reinforcing silos</li>
</ul>
<p class="isSelectedEnd"><span>That is ultimately the most important point.</span></p>
<p class="isSelectedEnd"><span>Good security is not necessarily the control that looks strongest on paper. It is the solution that protects the organisation without undermining its ability to function.</span></p>
<p class="isSelectedEnd"><span>In the energy and utility sector, security is not only about data. It is also about operations, uptime and critical functions in society.</span></p>
<p class="isSelectedEnd"><span>That is why classic IT measures cannot stand alone when OT becomes a larger part of the digital risk landscape.</span></p>
<p><span>When IT and OT meet, management must understand both worlds. Otherwise, they risk creating new problems in the attempt to solve the old ones.</span></p>
</div>
<div>
<h3>Do you want to strengthen OT security without disrupting operations?</h3>
<div>
<p>When IT and OT converge, there is rarely a one-size-fits-all solution. Have a no-obligation conversation with André about how you can strengthen OT security without compromising operations, uptime and safety.</p>
</div>
</div>
<div>
<h3>Email</h3>
<p>aba@mjolner.dk</p>
</div>
<div>
<h3>Phone</h3>
<p>+45 23 46 04 45</p>
</div>
<div>
<div class="_form_41"></div>
<p><script src="https://mjolnerinformatics.activehosted.com/f/embed.php?id=41" charset="utf-8"></script>
</div>
<p><span id="more-22331"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<p>When IT and OT meet: 3 classic mistakes management should avoid<\/p>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>Many energy and utility companies have significantly strengthened their work with cybersecurity in recent years. But as data, integrations and digital tools move closer to physical operations, a new management challenge emerges:<\/span><\/p>\n

<p><strong>How do you create security when IT and OT systems can no longer be considered separately?<\/strong><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>This question is becoming increasingly important in the energy and utility sector, where digital solutions are becoming an integral part of critical operations. And as the dependencies between IT and OT grow and become increasingly important to critical operations, it becomes clear that classic IT measures do not always work as intended in OT environments.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>On the contrary, security measures that make good sense in administrative systems can create new problems when transferred directly into production and operations.<\/span><\/p>\n

<p><span>The perspectives in this post are based on experience and recommendations from Mj\u00f8lner\u2019s domain experts within the energy and utility sector, <a href=\"https:\/\/www.linkedin.com\/in\/jakobhviid\/\">Jakob Hviid<\/a> and <a href=\"https:\/\/www.linkedin.com\/in\/andr%C3%A9-bryde-alnor-664ba615\/\">Andr\u00e9 Bryde Alnor<\/a>, as well as our partner <a href=\"https:\/\/www.linkedin.com\/in\/jhartig\/\">J\u00f8rgen Hartig<\/a> from <a href=\"https:\/\/securiot.dk\/frontpage\/\">SecuriOT<\/a>.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>In a previous post, we gathered 5 concrete recommendations for management on OT security. You can read it <a href=\"https:\/\/mjolner.dk\/en\/blog\/0t-security-5-tips-for-management\/\">here<\/a>.<\/span><\/p>\n

<p><span>In this post, we focus on 3 classic mistakes management should avoid when IT and OT meet.<\/span><\/p>","margin":"default"}},{"type":"html","props":{"content":"

"},"name":"\u2013 ekstra luft \u2013"},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><strong>1. Treating OT like ordinary IT security<\/strong><\/h2>\n

<p class=\"isSelectedEnd\"><span>The first mistake is to assume that OT can be secured using the same toolbox as IT.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>At first glance, that seems logical. If something is cyber-related, IT security must be the natural answer. But there is a crucial difference: in IT, security is typically about protecting data, users and systems. In OT, security is largely about keeping operations running, ensuring uptime and preventing errors or attacks from having physical consequences.<\/span><\/p>\n

<p><span>OT security is therefore not only a question of protecting against malware or unauthorised access. It is also about ensuring that the company can continue operating when something goes wrong:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"author":"explains J\u00f8rgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.","content":"

<p>\u201cThe overriding focus areas are uptime and safety, meaning the safety of our employees. Uptime can be affected by many things, and malware can of course be one of them. But handling physical hardware failures in the supply chain, access to backup and contingency plans are major focus areas in OT. That is why the starting point for OT security is different,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>This is a crucial difference. While IT security often starts with access, data and system protection, OT security largely starts with the ability of operations to continue - even when something fails.<\/span><\/p>\n

<p><span>Jakob Hviid, Senior Solution Architect at Mj\u00f8lner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or rapidly changing systems, the premise is different in OT:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201cIn the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>J\u00f8rgen points out that classic IT requirements can create new risks if they are transferred directly to OT. He mentions an example from a company where a strict password policy was also applied on the production line, requiring operators working in three-shift rotation to log in with long passwords on an HMI interface. In an administrative IT context, that may seem sensible. But in an operational situation where fast action is required, it can have the opposite effect:<\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201cThe operator controlling this tank may not be able to remember their 13-character password in a critical situation. That could mean the tank explodes. It simply does not make sense.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>J\u00f8rgen\u2019s point is simple: A strong password requirement may be sensible in an administrative system, but it can create a new risk in a critical operational situation where an operator needs to react quickly. When a security control is designed based on IT logic alone, it may come into conflict with the reality of OT.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>This does not mean that classic IT controls are wrong. But it does mean that they cannot be copied directly into OT without being assessed in the right context.<\/span><\/p>\n

<p><span>For management, the lesson is clear: Security in OT must be assessed based on its consequences for operations, uptime and physical safety - not only based on whether the control looks right on paper.<\/span><\/p>","margin":"default"}},{"type":"html","props":{"content":"

"},"name":"\u2013 ekstra luft \u2013"},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><strong>2. Underestimating how integration between IT and OT changes the risk landscape<\/strong><\/h2>\n

<p class=\"isSelectedEnd\"><span>The second mistake is to see integration between IT and OT systems as a pure gain.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>In practice, integration offers significant benefits. Data from plants and operations can be used for analysis, planning, troubleshooting, decision support and optimisation. It is an important part of the sector\u2019s digital development.<\/span><\/p>\n

<p><span>Andr\u00e9 Bryde Alnor, Energy Solution Strategist at Mj\u00f8lner, highlights that more and more digital solutions today are built on operational data:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201dThere are more and more decision-support tools being built for people working in control centres, owning a fleet of assets or maintaining facilities - and they are deeply dependent on data from OT environments.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>This creates major opportunities. But it also creates new dependencies.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>When more systems, suppliers and business-critical processes are connected, the risk landscape becomes more complex. A decision about digitalisation is therefore not only a technical decision. It is also a management decision about risk, responsibility and resilience.<\/span><\/p>\n

<p><span>For Andr\u00e9, the central question is therefore how companies can realise the benefits of modern architecture and better decision support without weakening security:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201dHow do you move towards a more modern architecture, and how can you create decision support with modern tools - without compromising security?\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>In other words, digitalisation should not be stopped. But it must be carried out with an understanding of the new dependencies it creates.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 emphasises. ","content":"

<p>\u201dWhen IT and OT become more closely connected, some of the scenarios that were previously less likely suddenly become more realistic,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>This applies, for example, to supplier access, remote support, data exchange and other connections established to support efficient operations.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>This is an important point for management. Many of the solutions that create value in day-to-day operations can also open up new vulnerabilities.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>J\u00f8rgen points, for example, to how external supplier connections often arise for entirely legitimate reasons: faster support, less downtime and more stable operations. The problem is not the intention. The problem is that the solution can also create a new path into the OT environment.<\/span><\/p>\n

<p><span>That is why management should not only ask what digital opportunities the integration creates. They should also ask:<\/span><\/p>\n

<ul>\n

<li>Where do IT and OT meet in our organisation<\/li>\n

<li>Which connections and dependencies do we have?<\/li>\n

<li>Which practical shortcuts in operations may become potential attack surfaces?<\/li>\n

<li>What do we do if an important connection, supplier or solution suddenly stops working?<\/li>\n<\/ul>","margin":"default"}},{"type":"html","props":{"content":"

"},"name":"\u2013 ekstra luft \u2013"},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><strong>3. Placing responsibility in one silo<\/strong><\/h2>\n

<p class=\"isSelectedEnd\"><span>The third mistake is organisational.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>As OT security receives more attention, a natural question arises: Who is responsible?<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>And here, many organisations see the same tendency. Responsibility is placed in one function - often where the word \u201csecurity\u201d already exists. But if OT security is placed too narrowly, the company risks assigning the task to someone who only understands one half of the problem.<\/span><\/p>\n

<p><span>Andr\u00e9 Alnor puts it very directly:<\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p>\u201cIf you place responsibility with someone who does not understand the task, you have a major problem.\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>That is precisely the challenge at the intersection of IT and OT. A classic IT security function may be strong in cyber disciplines, access control and network protection - but lack the necessary understanding of operations, contingency planning and physical infrastructure. Conversely, an operations function may have a strong focus on uptime and continuity, but not necessarily be equipped to handle the cyber threats that follow from digitalisation and integration.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"J\u00f8rgen emphasises.","content":"

<p>\u201cThe most important thing is to assign responsibility. Someone needs to have the mandate to drive OT security, bring the right people together and identify the people who need to be involved in developing an OT security programme that is embedded in the organisation\u2019s processes and becomes an active part of workflows in OT,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p class=\"isSelectedEnd\"><span>The \u201cbridge\u201d between IT and OT is not something you can simply take off the shelf. It has to be built organisationally.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>For management, this means that OT security should not be reduced to either a purely IT matter or a purely operational issue. It requires a structure where someone has the mandate to bring the perspectives together, coordinate the effort and raise the right risks to management.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>But responsibility must not become a silo. It must create coherence between the functions that each hold part of the problem: management, IT, operations, contingency planning, risk management and supplier management.<\/span><\/p>\n

<h2 class=\"isSelectedEnd\"><span>What does this mean for management?<\/span><\/h2>\n

<p class=\"isSelectedEnd\"><span>When IT and OT meet, it is not enough to ask whether security is strong enough. Management must also ask whether security has been thought through in the right way.<\/span><\/p>\n

<p><span>Among other things, this means:<\/span><\/p>\n

<ul>\n

<li>OT security must be assessed based on the reality of operations<\/li>\n

<li>Integration between IT and OT must be seen as both a benefit and a new risk surface<\/li>\n

<li>Responsibility must be anchored in a way that builds bridges between disciplines rather than reinforcing silos<\/li>\n<\/ul>\n

<p class=\"isSelectedEnd\"><span>That is ultimately the most important point.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>Good security is not necessarily the control that looks strongest on paper. It is the solution that protects the organisation without undermining its ability to function.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>In the energy and utility sector, security is not only about data. It is also about operations, uptime and critical functions in society.<\/span><\/p>\n

<p class=\"isSelectedEnd\"><span>That is why classic IT measures cannot stand alone when OT becomes a larger part of the digital risk landscape.<\/span><\/p>\n

<p><span>When IT and OT meet, management must understand both worlds. Otherwise, they risk creating new problems in the attempt to solve the old ones.<\/span><\/p>","margin":"default","margin_remove_bottom":false}}]}]}]},{"type":"section","props":{"image_position":"center-center","padding_remove_top":true,"style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"middle","width":"default"},"children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content":"

<p>When IT and OT converge, there is rarely a one-size-fits-all solution. Have a no-obligation conversation with Andr\u00e9 about how you can strengthen OT security without compromising operations, uptime and safety.<\/p>","content_column_breakpoint":"m","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title":"Do you want to strengthen OT security without disrupting operations?","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h3"}},{"type":"fragment","children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"image","props":{"image_border":"rounded","image_height":"800","image_svg_color":"emphasis","image_width":"600","margin":"default"},"source":{"query":{"name":"#parent"},"props":{"image":{"filters":{"search":""},"name":"field.billede.url"}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h5"},"source":{"query":{"name":"#parent"},"props":{"title":{"filters":{"search":""},"name":"title"},"content":{"filters":{"search":""},"name":"field.titel"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"aba@mjolner.dk","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Email","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.e_mail"},"link":{"filters":{"search":"","before":"Mailto:"},"name":"field.e_mail"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"+45 23 46 04 45","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Phone","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.telefon"},"link":{"filters":{"search":"","before":"Tel:"},"name":"field.telefon"}}}}]}]}],"props":{"margin":"default"},"name":"kontaktformular EN","source":{"query":{"name":"medarbejdere.customTeam","arguments":{"terms":[],"category_operator":"IN","users":[],"users_operator":"IN","offset":0,"order":"date","order_direction":"DESC","id":15864}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"html","props":{"content":"

<div class=\"_form_41\"><\/div><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>"},"name":"HTML EN"}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid/">When IT and OT meet: 3 classic mistakes management should avoid</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>New risks, new requirements: 5 OT security tips for management</title>
		<link>https://mjolner.dk/en/blog/0t-security-5-tips-for-management/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Wed, 15 Apr 2026 11:52:17 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Energy and Utility]]></category>
		<category><![CDATA[Insights]]></category>
		<category><![CDATA[IT security]]></category>
		<category><![CDATA[Critical Infrastructure]]></category>
		<category><![CDATA[IT/OT]]></category>
		<category><![CDATA[Operational Technology]]></category>
		<category><![CDATA[OT-security]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=21657</guid>

					<description><![CDATA[<p>New risks, new requirements: 5 OT security tips for management Cybersecurity has become a strategic topic in the energy and utilities sector. In recent years, many organisations have significantly strengthened their IT security. But as digitalisation increasingly reaches production and operations, more are discovering an area where the overall picture is often less clear. That [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/0t-security-5-tips-for-management/">New risks, new requirements: 5 OT security tips for management</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<p>New risks, new requirements: 5 OT security tips for management</p>
</h1>
<div>
<p>Cybersecurity has become a strategic topic in the energy and utilities sector. In recent years, many organisations have significantly strengthened their IT security. But as digitalisation increasingly reaches production and operations, more are discovering an area where the overall picture is often less clear.</p>
<p data-start="554" data-end="595">That area is<strong> OT — Operational Technology</strong>.</p>
<p data-start="597" data-end="981">OT covers the systems that control physical operations: production facilities, pumping stations, substations and control systems. This is where software meets physical infrastructure — and where the consequences of a security breach are not limited to data loss, but may include operational disruption or impacts on critical infrastructure. For management, this raises a key question:</p>
<p data-start="983" data-end="1069"><strong data-start="983" data-end="1069">How do you get started with OT security in a way that creates real business value?</strong></p>
<p data-start="1071" data-end="1284">The following five recommendations are based on the experience and advice of Mjølner’s domain experts in energy and utilities, <a href="https://www.linkedin.com/in/jakobhviid/">Jakob Hviid</a> and <a href="https://www.linkedin.com/in/andr%C3%A9-bryde-alnor-664ba615/">André Bryde Alnor</a>, as well as our partner <a href="https://www.linkedin.com/in/jhartig/">Jørgen Hartig</a> from <a href="https://securiot.dk/frontpage/">SecuriOT</a>.</p>
</div>
<div>
<h2>1. Assign clear ownership</h2>
<p data-start="1325" data-end="1388">One of the biggest challenges in OT security is organisational.</p>
<p data-start="1390" data-end="1538">In many organisations, the issue quickly ends up being passed around between departments: production points to IT, and IT points back to production.</p>
</div>
<blockquote>
<p>”The new troublemaker in the classroom is called OT cybersecurity &#8211; but it can be difficult to determine who should actually take the lead,”</p>
<footer>
<p>                <cite>says Jørgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="1758" data-end="1948">As a result, OT security often falls between several functions: operations, IT and cybersecurity. Everyone recognises the risk &#8211; but no one has the clear mandate to drive the effort forward.</p>
<p data-start="1950" data-end="2059">That is why OT security does not start with technology. It starts with a management decision about ownership.</p>
<p data-start="2061" data-end="2119">But where does it make sense to place that responsibility?</p>
<p data-start="2121" data-end="2369">Experience from many organisations shows that the role should rarely sit solely within a pure IT security function. OT security is largely about operations, uptime and physical infrastructure &#8211; and therefore requires an understanding of production.</p>
<p data-start="2371" data-end="2440">A good rule of thumb is to place responsibility with a function that:</p>
<p><strong>Understands operations and the value chain</strong><br data-start="2486" data-end="2489" />The person must be able to assess what is actually critical to production or supply.</p>
<p><strong>Can work across IT and operations</strong><br data-start="2612" data-end="2615" />OT security sits at the intersection of multiple disciplines. The role must be able to bring the organisation together, not reinforce silos.</p>
<p><strong>Has the mandate to escalate risk to management</strong><br data-start="2808" data-end="2811" />Ultimately, OT security is about business risk. The person responsible must therefore be able to translate technical issues into management decisions. In some organisations, the role sits with a CISO who has OT expertise. In others, it sits within operations or asset management, working closely with IT. The exact placement may vary &#8211; but the crucial thing is that responsibility is clear and supported by management.</p>
</div>
<div>
<h2>2. Understand the difference between IT security and OT security</h2>
<p>A classic pitfall is to treat OT security as a conventional IT security issue. The two areas operate on fundamentally different premises. In the IT world, security is typically centred on protecting data and systems. In the OT world, the primary focus is stable operations and physical safety.</p>
</div>
<blockquote>
<p>“In the IT world, a lot of the focus is on protecting data. In OT, security is very much about keeping the supply running,”</p>
<footer>
<p>                <cite>explains Jakob Hviid, Senior Solution Architect in Energy &#038; Utility at Mjølner.</cite></p>
</footer>
</blockquote>
<div>
<p>This also means that some traditional IT security measures do not necessarily fit directly into OT environments.</p>
</div>
<blockquote>
<p><span>“Imagine an operator in a critical situation who cannot remember their password. In OT, the consequences may be physical &#8211; not just digital,”</span></p>
<footer>
<p>                <cite>says Jørgen Hartig.</cite></p>
</footer>
</blockquote>
<div>
<p>The point is not that security matters less in OT &#8211; but that it must be designed around the operational reality of the utility.</p>
</div>
<div>
<h2><strong>3. Start with risk &#8211; not with what is easiest</strong></h2>
<p data-start="4283" data-end="4424">When organisations begin working with OT security, there is often a tendency to start with the things that are easiest to relate to, such as:</p>
<ul data-start="4426" data-end="4511">
<li data-start="4426" data-end="4465">fencing and physical access control</li>
<li data-start="4466" data-end="4490">network segmentation</li>
<li data-start="4491" data-end="4511">software backups</li>
</ul>
<p data-start="4513" data-end="4594">All three are important. But they are not necessarily where the risk is greatest.</p>
</div>
<blockquote>
<p>”Many organisations start with what they can see and understand — for example fences around facilities or network segmentation. But that is not necessarily where the greatest risk lies,”</p>
<footer>
<p>                <cite>says André Alnor, Energy Solution Strategist at Mjølner. </cite></p>
</footer>
</blockquote>
<div>
<p data-start="4844" data-end="4907">A more effective approach is to start with the risk assessment.</p>
<p data-start="4909" data-end="5031">A good first question is: <strong data-start="4935" data-end="5031">Which functions in our organisation absolutely must work for us to deliver our core service?</strong></p>
<p data-start="5033" data-end="5105">Once those essential functions have been identified, you can move on to:</p>
<ul data-start="5107" data-end="5223">
<li data-start="5107" data-end="5137">which systems support them</li>
<li data-start="5138" data-end="5173">which threats could affect them</li>
<li data-start="5174" data-end="5223">what the consequences would be if they failed</li>
</ul>
</div>
<blockquote>
<p>&#8220;You cannot protect what you do not know. Gaining visibility into the infrastructure is one of the most important first steps,&#8221;</p>
<footer>
<p>                <cite>explains Jørgen Hartig.</cite></p>
</footer>
</blockquote>
<div>
<p>Many organisations work with concrete threat scenarios &#8211; for example, what would happen if a central control system became unavailable for several days. That makes it much easier for management to prioritise investments, because the discussion is based on business risk rather than technology.</p>
<h2>4. IT and OT need to work more closely together</h2>
<p>Historically, OT environments have often been relatively isolated from the rest of the organisation’s systems. But as digitalisation and data analysis advance, the integration between IT and OT is becoming increasingly close.</p>
</div>
<blockquote>
<p>&#8220;The scenarios that used to be less likely are becoming more realistic as IT and OT become more integrated,&#8221;</p>
<footer>
<p>                <cite>says André Bryde Alnor.</cite></p>
</footer>
</blockquote>
<div>
<ol start="5"></ol>
<p data-start="6101" data-end="6322">This means that security work can no longer take place in silos. IT and OT specialists need to work more closely together, and management must ensure that the organisation has a structure that supports that collaboration.</p>
<h2 data-start="6101" data-end="6322">5. Find your maturity point &#8211; and build from there</h2>
<p data-start="6388" data-end="6740">Another important lesson from across the sector is that OT security cannot be implemented in one single, all-encompassing effort. This often becomes apparent when the work is driven by compliance requirements or regulation. The organisation tries to implement all controls at once and ends up with a large programme that is difficult to operationalise.</p>
<p data-start="6742" data-end="6830">A more realistic approach is to start from the organisation’s current level of maturity.</p>
</div>
<blockquote>
<p>”Start the journey where you are. Build it into your processes and move forward step by step, guided by standards,”</p>
<footer>
<p>                <cite>says André Bryde Alnor.</cite></p>
</footer>
</blockquote>
<div>
<p>In practice, that typically means establishing the basic processes first, working systematically with risk and continuously improving security over time. OT security is not a project with an end date. It is a discipline that evolves over time alongside technology, digitalisation and the threat landscape.</p>
<h2>Five key recommendations for management &#8211; in brief</h2>
<p data-start="7347" data-end="7483">If the sector’s experiences are boiled down to five key pieces of advice for management in energy and utility companies, they are these:</p>
<p data-start="7347" data-end="7483"><span role="text"><strong>1. Assign clear ownership of OT security</strong></span></p>
<p data-start="7347" data-end="7483">OT security often falls between operations and IT. Make sure one function has the mandate to lead the area and coordinate the effort across the organisation.</p>
<p data-start="7347" data-end="7483"><b>2. Start from business risk</b></p>
<p data-start="7347" data-end="7483">Do not start with the technology. Start with the question: What must not go wrong in our utility &#8211; and what would the consequences be if it did?</p>
<p data-start="7347" data-end="7483"><strong>3. Prioritise based on risk &#8211; not on what is easiest</strong></p>
<p data-start="7347" data-end="7483">Many organisations start with perimeter protection or network segmentation because it is concrete and visible. That matters &#8211; but it is not necessarily where the greatest risk lies. Let the risk assessment guide the effort.</p>
<p data-start="7347" data-end="7483"><strong data-start="8160" data-end="8204">4. Create visibility into your OT landscape</strong></p>
<p data-start="7347" data-end="7483">Management should ensure that the organisation has a realistic picture of its OT systems, connections and dependencies. You cannot protect what you do not know</p>
<p data-start="7347" data-end="7483"><span role="text"><strong data-start="8371" data-end="8423">5. Treat OT security as an ongoing maturity journey</strong></span></p>
<p data-start="7347" data-end="7483">OT security is never “finished”. Start from your current level, build structures and processes, and improve them continuously.</p>
</p>
</div>
<div>
<h2 data-start="8557" data-end="8601"><span role="text"><strong data-start="8560" data-end="8601">The worst thing you can do is nothing</strong></span></h2>
<p data-start="8603" data-end="8740">OT security can seem complex. Infrastructure, systems and suppliers have often evolved over many years, and there is rarely a simple fix.</p>
<p data-start="8742" data-end="8905">But that does not mean you should wait. Quite the opposite. For many organisations, the greatest risk is not starting too small &#8211; <strong>it is not getting started at all</strong>.</p>
<p data-start="8907" data-end="9044">As the sector’s experience shows, the most important step is to begin: create visibility and start working with risk in a structured way.</p>
<p data-start="9046" data-end="9088"><strong data-start="9046" data-end="9088">The worst thing you can do is nothing.</strong></p>
<p data-start="9046" data-end="9088">Do you want to dive deeper into the interaction between IT and OT? Then read our article: <a href="https://mjolner.dk/en/blog/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid/">When IT and OT meet: 3 classic mistakes management should avoid</a>.</p>
<p data-start="9046" data-end="9088">
</div>
<div>
<h3>Want to know more about OT security?</h3>
<div>
<p>When IT and OT converge, there is rarely a one-size-fits-all solution. Have a no-obligation conversation with André about how you can strengthen OT security without compromising operations, uptime and safety.</p>
</div>
</div>
<div>
<h3>Email</h3>
<p>aba@mjolner.dk</p>
</div>
<div>
<h3>Phone</h3>
<p>+45 23 46 04 45</p>
</div>
<div>
<div class="_form_41"></div>
<p><script src="https://mjolnerinformatics.activehosted.com/f/embed.php?id=41" charset="utf-8"></script>
</div>
<p><span id="more-21657"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<p>New risks, new requirements: 5 OT security tips for management<\/p>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>Cybersecurity has become a strategic topic in the energy and utilities sector. In recent years, many organisations have significantly strengthened their IT security. But as digitalisation increasingly reaches production and operations, more are discovering an area where the overall picture is often less clear.<\/p>\n

<p data-start=\"554\" data-end=\"595\">That area is<strong> OT \u2014 Operational Technology<\/strong>.<\/p>\n

<p data-start=\"597\" data-end=\"981\">OT covers the systems that control physical operations: production facilities, pumping stations, substations and control systems. This is where software meets physical infrastructure \u2014 and where the consequences of a security breach are not limited to data loss, but may include operational disruption or impacts on critical infrastructure. For management, this raises a key question:<\/p>\n

<p data-start=\"983\" data-end=\"1069\"><strong data-start=\"983\" data-end=\"1069\">How do you get started with OT security in a way that creates real business value?<\/strong><\/p>\n

<p data-start=\"1071\" data-end=\"1284\">The following five recommendations are based on the experience and advice of Mj\u00f8lner\u2019s domain experts in energy and utilities, <a href=\"https:\/\/www.linkedin.com\/in\/jakobhviid\/\">Jakob Hviid<\/a> and <a href=\"https:\/\/www.linkedin.com\/in\/andr%C3%A9-bryde-alnor-664ba615\/\">Andr\u00e9 Bryde Alnor<\/a>, as well as our partner <a href=\"https:\/\/www.linkedin.com\/in\/jhartig\/\">J\u00f8rgen Hartig<\/a> from <a href=\"https:\/\/securiot.dk\/frontpage\/\">SecuriOT<\/a>.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>1. Assign clear ownership<\/h2>\n

<p data-start=\"1325\" data-end=\"1388\">One of the biggest challenges in OT security is organisational.<\/p>\n

<p data-start=\"1390\" data-end=\"1538\">In many organisations, the issue quickly ends up being passed around between departments: production points to IT, and IT points back to production.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says J\u00f8rgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.","content":"

<p>\u201dThe new troublemaker in the classroom is called OT cybersecurity - but it can be difficult to determine who should actually take the lead,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"1758\" data-end=\"1948\">As a result, OT security often falls between several functions: operations, IT and cybersecurity. Everyone recognises the risk - but no one has the clear mandate to drive the effort forward.<\/p>\n

<p data-start=\"1950\" data-end=\"2059\">That is why OT security does not start with technology. It starts with a management decision about ownership.<\/p>\n

<p data-start=\"2061\" data-end=\"2119\">But where does it make sense to place that responsibility?<\/p>\n

<p data-start=\"2121\" data-end=\"2369\">Experience from many organisations shows that the role should rarely sit solely within a pure IT security function. OT security is largely about operations, uptime and physical infrastructure - and therefore requires an understanding of production.<\/p>\n

<p data-start=\"2371\" data-end=\"2440\">A good rule of thumb is to place responsibility with a function that:<\/p>\n

<p><strong>Understands operations and the value chain<\/strong><br data-start=\"2486\" data-end=\"2489\" \/>The person must be able to assess what is actually critical to production or supply.<\/p>\n

<p><strong>Can work across IT and operations<\/strong><br data-start=\"2612\" data-end=\"2615\" \/>OT security sits at the intersection of multiple disciplines. The role must be able to bring the organisation together, not reinforce silos.<\/p>\n

<p><strong>Has the mandate to escalate risk to management<\/strong><br data-start=\"2808\" data-end=\"2811\" \/>Ultimately, OT security is about business risk. The person responsible must therefore be able to translate technical issues into management decisions. In some organisations, the role sits with a CISO who has OT expertise. In others, it sits within operations or asset management, working closely with IT. The exact placement may vary - but the crucial thing is that responsibility is clear and supported by management.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>2. Understand the difference between IT security and OT security<\/h2>\n

<p>A classic pitfall is to treat OT security as a conventional IT security issue. The two areas operate on fundamentally different premises. In the IT world, security is typically centred on protecting data and systems. In the OT world, the primary focus is stable operations and physical safety.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"explains Jakob Hviid, Senior Solution Architect in Energy & Utility at Mj\u00f8lner.","content":"

<p>\u201cIn the IT world, a lot of the focus is on protecting data. In OT, security is very much about keeping the supply running,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>This also means that some traditional IT security measures do not necessarily fit directly into OT environments.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says J\u00f8rgen Hartig.","content":"

<p><span>\u201cImagine an operator in a critical situation who cannot remember their password. In OT, the consequences may be physical - not just digital,\u201d<\/span><\/p>"},"name":"[DK] Citat til blogindl\u00e6g"},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>The point is not that security matters less in OT - but that it must be designed around the operational reality of the utility.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><strong>3. Start with risk - not with what is easiest<\/strong><\/h2>\n

<p data-start=\"4283\" data-end=\"4424\">When organisations begin working with OT security, there is often a tendency to start with the things that are easiest to relate to, such as:<\/p>\n

<ul data-start=\"4426\" data-end=\"4511\">\n

<li data-start=\"4426\" data-end=\"4465\">fencing and physical access control<\/li>\n

<li data-start=\"4466\" data-end=\"4490\">network segmentation<\/li>\n

<li data-start=\"4491\" data-end=\"4511\">software backups<\/li>\n<\/ul>\n

<p data-start=\"4513\" data-end=\"4594\">All three are important. But they are not necessarily where the risk is greatest.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Andr\u00e9 Alnor, Energy Solution Strategist at Mj\u00f8lner. ","content":"

<p>\u201dMany organisations start with what they can see and understand \u2014 for example fences around facilities or network segmentation. But that is not necessarily where the greatest risk lies,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"4844\" data-end=\"4907\">A more effective approach is to start with the risk assessment.<\/p>\n

<p data-start=\"4909\" data-end=\"5031\">A good first question is: <strong data-start=\"4935\" data-end=\"5031\">Which functions in our organisation absolutely must work for us to deliver our core service?<\/strong><\/p>\n

<p data-start=\"5033\" data-end=\"5105\">Once those essential functions have been identified, you can move on to:<\/p>\n

<ul data-start=\"5107\" data-end=\"5223\">\n

<li data-start=\"5107\" data-end=\"5137\">which systems support them<\/li>\n

<li data-start=\"5138\" data-end=\"5173\">which threats could affect them<\/li>\n

<li data-start=\"5174\" data-end=\"5223\">what the consequences would be if they failed<\/li>\n<\/ul>","margin":"default"}},{"type":"quotation","props":{"author":"explains J\u00f8rgen Hartig.","content":"

<p>\"You cannot protect what you do not know. Gaining visibility into the infrastructure is one of the most important first steps,\"<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>Many organisations work with concrete threat scenarios - for example, what would happen if a central control system became unavailable for several days. That makes it much easier for management to prioritise investments, because the discussion is based on business risk rather than technology.<\/p>\n

<h2>4. IT and OT need to work more closely together<\/h2>\n

<p>Historically, OT environments have often been relatively isolated from the rest of the organisation\u2019s systems. But as digitalisation and data analysis advance, the integration between IT and OT is becoming increasingly close.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Andr\u00e9 Bryde Alnor.","content":"

<p>\"The scenarios that used to be less likely are becoming more realistic as IT and OT become more integrated,\"<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<ol start=\"5\"><\/ol>\n

<p data-start=\"6101\" data-end=\"6322\">This means that security work can no longer take place in silos. IT and OT specialists need to work more closely together, and management must ensure that the organisation has a structure that supports that collaboration.<\/p>\n

<h2 data-start=\"6101\" data-end=\"6322\">5. Find your maturity point - and build from there<\/h2>\n

<p data-start=\"6388\" data-end=\"6740\">Another important lesson from across the sector is that OT security cannot be implemented in one single, all-encompassing effort. This often becomes apparent when the work is driven by compliance requirements or regulation. The organisation tries to implement all controls at once and ends up with a large programme that is difficult to operationalise.<\/p>\n

<p data-start=\"6742\" data-end=\"6830\">A more realistic approach is to start from the organisation\u2019s current level of maturity.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"says Andr\u00e9 Bryde Alnor.","content":"

<p>\u201dStart the journey where you are. Build it into your processes and move forward step by step, guided by standards,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>In practice, that typically means establishing the basic processes first, working systematically with risk and continuously improving security over time. OT security is not a project with an end date. It is a discipline that evolves over time alongside technology, digitalisation and the threat landscape.<\/p>\n

<h2>Five key recommendations for management - in brief<\/h2>\n

<p data-start=\"7347\" data-end=\"7483\">If the sector\u2019s experiences are boiled down to five key pieces of advice for management in energy and utility companies, they are these:<\/p>\n

<p data-start=\"7347\" data-end=\"7483\"><span role=\"text\"><strong>1. Assign clear ownership of OT security<\/strong><\/span><\/p>\n

<p data-start=\"7347\" data-end=\"7483\">OT security often falls between operations and IT. Make sure one function has the mandate to lead the area and coordinate the effort across the organisation.<\/p>\n

<p data-start=\"7347\" data-end=\"7483\"><b>2. Start from business risk<\/b><\/p>\n

<p data-start=\"7347\" data-end=\"7483\">Do not start with the technology. Start with the question: What must not go wrong in our utility - and what would the consequences be if it did?<\/p>\n

<p data-start=\"7347\" data-end=\"7483\"><strong>3. Prioritise based on risk - not on what is easiest<\/strong><\/p>\n

<p data-start=\"7347\" data-end=\"7483\">Many organisations start with perimeter protection or network segmentation because it is concrete and visible. That matters - but it is not necessarily where the greatest risk lies. Let the risk assessment guide the effort.<\/p>\n

<p data-start=\"7347\" data-end=\"7483\"><strong data-start=\"8160\" data-end=\"8204\">4. Create visibility into your OT landscape<\/strong><\/p>\n

<p data-start=\"7347\" data-end=\"7483\">Management should ensure that the organisation has a realistic picture of its OT systems, connections and dependencies. You cannot protect what you do not know<\/p>\n

<p data-start=\"7347\" data-end=\"7483\"><span role=\"text\"><strong data-start=\"8371\" data-end=\"8423\">5. Treat OT security as an ongoing maturity journey<\/strong><\/span><\/p>\n

<p data-start=\"7347\" data-end=\"7483\">OT security is never \u201cfinished\u201d. Start from your current level, build structures and processes, and improve them continuously.<\/p>\n

<p><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"8557\" data-end=\"8601\"><span role=\"text\"><strong data-start=\"8560\" data-end=\"8601\">The worst thing you can do is nothing<\/strong><\/span><\/h2>\n

<p data-start=\"8603\" data-end=\"8740\">OT security can seem complex. Infrastructure, systems and suppliers have often evolved over many years, and there is rarely a simple fix.<\/p>\n

<p data-start=\"8742\" data-end=\"8905\">But that does not mean you should wait. Quite the opposite. For many organisations, the greatest risk is not starting too small - <strong>it is not getting started at all<\/strong>.<\/p>\n

<p data-start=\"8907\" data-end=\"9044\">As the sector\u2019s experience shows, the most important step is to begin: create visibility and start working with risk in a structured way.<\/p>\n

<p data-start=\"9046\" data-end=\"9088\"><strong data-start=\"9046\" data-end=\"9088\">The worst thing you can do is nothing.<\/strong><\/p>\n

<p data-start=\"9046\" data-end=\"9088\">Do you want to dive deeper into the interaction between IT and OT? Then read our article: <a href=\"https:\/\/mjolner.dk\/en\/blog\/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid\/\">When IT and OT meet: 3 classic mistakes management should avoid<\/a>.<\/p>\n

<p data-start=\"9046\" data-end=\"9088\"><\/p>","margin":"default"}}]}]}]},{"type":"section","props":{"image_position":"center-center","padding_remove_top":true,"style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"middle","width":"default"},"children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content":"

<p>When IT and OT converge, there is rarely a one-size-fits-all solution. Have a no-obligation conversation with Andr\u00e9 about how you can strengthen OT security without compromising operations, uptime and safety.<\/p>","content_column_breakpoint":"m","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title":"Want to know more about OT security?","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h3"}},{"type":"fragment","children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"image","props":{"image_border":"rounded","image_height":"800","image_svg_color":"emphasis","image_width":"600","margin":"default"},"source":{"query":{"name":"#parent"},"props":{"image":{"filters":{"search":""},"name":"field.billede.url"}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h5"},"source":{"query":{"name":"#parent"},"props":{"title":{"filters":{"search":""},"name":"title"},"content":{"filters":{"search":""},"name":"field.titel"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"aba@mjolner.dk","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Email","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.e_mail"},"link":{"filters":{"search":"","before":"Mailto:"},"name":"field.e_mail"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta":"+45 23 46 04 45","meta_align":"below-title","meta_element":"div","meta_margin":"remove","meta_style":"text-large","panel_link":true,"title":"Phone","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.telefon"},"link":{"filters":{"search":"","before":"Tel:"},"name":"field.telefon"}}}}]}]}],"props":{"margin":"default"},"name":"kontaktformular EN","source":{"query":{"name":"medarbejdere.customTeam","arguments":{"terms":[],"category_operator":"IN","users":[],"users_operator":"IN","offset":0,"order":"date","order_direction":"DESC","id":15864}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"html","props":{"content":"

<div class=\"_form_41\"><\/div><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>"},"name":"HTML EN"}]}]}],"name":"[ENG] Kontakt I Andr\u00e9"}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/0t-security-5-tips-for-management/">New risks, new requirements: 5 OT security tips for management</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Open Source in OT: A Strategic Choice for the Energy Solution of the Future</title>
		<link>https://mjolner.dk/en/blog/open-source-in-ot-a-strategic-choice-for-the-energy-solutions-of-the-future/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Wed, 11 Mar 2026 14:34:26 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[IT security]]></category>
		<category><![CDATA[cloud native]]></category>
		<category><![CDATA[Energy & Utility]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[OT]]></category>
		<guid isPermaLink="false">https://mjolner.dk/?p=21811</guid>

					<description><![CDATA[<p>Open Source in OT: A Strategic Choice for the Energy Solutions of the Future The energy and utilities sector operates in an OT landscape where operational stability, cybersecurity, and compliance are non-negotiable. At the same time, demands for flexibility and integration are increasing. This challenges traditional vendor models. Open source is not a miracle solution, [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/open-source-in-ot-a-strategic-choice-for-the-energy-solutions-of-the-future/">Open Source in OT: A Strategic Choice for the Energy Solution of the Future</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>
<p>Open Source in OT: A Strategic Choice for the Energy Solutions of the Future</p>
</h1>
<div>
<p><strong>The energy and utilities sector operates in an OT landscape where operational stability, cybersecurity, and compliance are non-negotiable. At the same time, demands for flexibility and integration are increasing. This challenges traditional vendor models. Open source is not a miracle solution, but for many organizations, it can be a strategic response to these challenges.</strong></p>
<p>The need for new functionality in OT solutions has grown significantly. Many organizations find that the development pace of traditional vendors does not always match their need for rapid adaptation. So-called cloud-native, open-source software supports a more modular and independent approach, where solutions are composed of smaller components that can be continuously adapted and replaced.</p>
</div>
<div>
<p data-start="851" data-end="1178">According to <a href="https://www.linkedin.com/in/andr%C3%A9-bryde-alnor-664ba615/">André Bryde Alnor</a>, Energy Solution Strategist at Mjølner, this shift is already taking place in the energy sector. Open source has set the standard in the IT world, and with initiatives such as <a href="https://lfenergy.org/">LF Energy</a>, we are now seeing how this approach can create shared innovation and strengthen control in the energy sector.</p>
<p data-start="1180" data-end="1306">Read on to learn why open source has become a strategic alternative to traditional vendor solutions for many energy companies.</p>
<h2 data-start="1308" data-end="1343">Greater Control and Transparency</h2>
<p data-start="1345" data-end="1705">The open codebases in open-source software provide insight into how a solution actually works, creating greater transparency. At the same time, open licenses allow you to adapt and replace components as needed. In many commercial solutions, the contents are more closed, which can make it more difficult to gain full insight into architecture and dependencies.</p>
</div>
<blockquote>
<p>”With open source, you gain real influence. You can see exactly what is contained in the open codebase. As an operator, vendor, or regulator, you can therefore verify functionality and security yourself and make changes that match your organization or business,”</p>
<footer>
<p>                <cite>André points out.</cite></p>
</footer>
</blockquote>
<div>
<h2 data-start="1992" data-end="2028">Rapid Handling of Vulnerabilities</h2>
<p data-start="2030" data-end="2373">In many cases, vulnerabilities are handled quickly in open-source communities because errors are discovered and shared openly. This gives organizations the opportunity to respond quickly, provided they have control over updates and operations. The collaborative approach makes it easier to manage and close vulnerabilities in critical systems.</p>
</div>
<blockquote>
<p>“I have worked with a product that was attacked, where the vulnerability affected organizations globally. We were able to resolve the situation within a couple of hours, while others spent several days. Quite simply because we could replace the product and get a fix immediately,”</p>
<footer>
<p>                <cite>André explains.</cite></p>
</footer>
</blockquote>
<div>
<h2 data-start="2676" data-end="2706">Scalability and Flexibility</h2>
<p data-start="2708" data-end="3001">With open source combined with a loosely coupled architecture, parts of the system landscape can be adjusted without replacing entire platforms. This enables energy-sector organizations to quickly scale and adapt solutions to changing needs in a sector where requirements are evolving rapidly.</p>
</div>
<blockquote>
<p>“I have worked with a product that was attacked, where the vulnerability affected organizations globally. We were able to resolve the situation within a couple of hours, while others spent several days. Quite simply because we could replace the product and get a fix immediately,”</p>
<footer>
<p>                <cite>André explains.</cite></p>
</footer>
</blockquote>
<div>
<h2 data-start="3408" data-end="3426">Cost Efficiency</h2>
<p data-start="3428" data-end="3681">When using open source for OT solutions, you can reduce licensing costs and redirect more resources from licenses to development and operations. At the same time, functionality can be implemented quickly by selecting and configuring existing components.</p>
</div>
<blockquote>
<p>”You gain access to extensive functionality at a low cost because you do not have to pay licenses or struggle through vendor negotiations about IP and contractual obligations,”</p>
<footer>
<p>                <cite>André states.</cite></p>
</footer>
</blockquote>
<div>
<h2 data-start="3878" data-end="3916">Shared Innovation and Collaboration</h2>
<p data-start="3918" data-end="4140">Open source creates opportunities for joint development across the energy sector. When multiple organizations collaborate on shared components, they can share costs, reduce duplicate work, and develop new solutions faster.</p>
</div>
<blockquote>
<p>”It is valuable because we collaborate on a voluntary basis and find interesting solutions to problems that are specific to the energy sector, but not unique to the individual vendor,”</p>
<footer>
<p>                <cite>André says.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="4343" data-end="4648">The changes and new functionality that emerge from this collaboration can be implemented much faster, as organizations are not dependent on the development cycles of commercial vendors. At the same time, shared components reduce duplication and accelerate integration across countries and infrastructures.</p>
<h2 data-start="4650" data-end="4702">Better Compliance with Cybersecurity Requirements</h2>
<p data-start="4704" data-end="4992">With access to the source code, it becomes easier to ensure that a solution meets specific security requirements and can adapt to new threats. More eyes on critical code also reduce errors and vulnerabilities &#8211; an important quality in OT, where the consequences of failures can be severe.</p>
</div>
<blockquote>
<p>”With open source, you have insight into the codebase and can comply with security requirements in a completely different way than with commercial providers,”</p>
<footer>
<p>                <cite>André says.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="5169" data-end="5249">This provides a stronger foundation for documentation to authorities and boards.</p>
<h2 data-start="5251" data-end="5276">Demystifying the Risks</h2>
<p data-start="5278" data-end="5619">Using open source may seem controversial because operational requirements are extremely high when it comes to security of supply and critical infrastructure. However, some overlook the fact that open source is already the standard in global software development, and that most commercial products are already built on open-source components.</p>
</div>
<blockquote>
<p>”Open source is already part of the majority of modern software. For many organizations, the question is therefore not whether they use open source, but how they do so responsibly,”</p>
<footer>
<p>                <cite>André emphasizes.</cite></p>
</footer>
</blockquote>
<div>
<p data-start="5825" data-end="5988">The increasing complexity of energy systems requires collaboration across organizations and vendors, which is why open source is becoming increasingly unavoidable.</p>
<p data-start="5990" data-end="6301" data-is-last-node="" data-is-only-node="">Open source is not the easiest path. The approach requires expertise, governance, and clear operating models. But for energy companies that want flexibility and strategic independence in their OT landscape, it can be an effective way to gain control over their system landscape, risks, and vendor relationships.</p>
</div>
<p><span id="more-21811"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"

<p>Open Source in OT: A Strategic Choice for the Energy Solutions of the Future<\/p>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>The energy and utilities sector operates in an OT landscape where operational stability, cybersecurity, and compliance are non-negotiable. At the same time, demands for flexibility and integration are increasing. This challenges traditional vendor models. Open source is not a miracle solution, but for many organizations, it can be a strategic response to these challenges.<\/strong><\/p>\n

<p>The need for new functionality in OT solutions has grown significantly. Many organizations find that the development pace of traditional vendors does not always match their need for rapid adaptation. So-called cloud-native, open-source software supports a more modular and independent approach, where solutions are composed of smaller components that can be continuously adapted and replaced.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"851\" data-end=\"1178\">According to <a href=\"https:\/\/www.linkedin.com\/in\/andr%C3%A9-bryde-alnor-664ba615\/\">Andr\u00e9 Bryde Alnor<\/a>, Energy Solution Strategist at Mj\u00f8lner, this shift is already taking place in the energy sector. Open source has set the standard in the IT world, and with initiatives such as <a href=\"https:\/\/lfenergy.org\/\">LF Energy<\/a>, we are now seeing how this approach can create shared innovation and strengthen control in the energy sector.<\/p>\n

<p data-start=\"1180\" data-end=\"1306\">Read on to learn why open source has become a strategic alternative to traditional vendor solutions for many energy companies.<\/p>\n

<h2 data-start=\"1308\" data-end=\"1343\">Greater Control and Transparency<\/h2>\n

<p data-start=\"1345\" data-end=\"1705\">The open codebases in open-source software provide insight into how a solution actually works, creating greater transparency. At the same time, open licenses allow you to adapt and replace components as needed. In many commercial solutions, the contents are more closed, which can make it more difficult to gain full insight into architecture and dependencies.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 points out.","content":"

<p>\u201dWith open source, you gain real influence. You can see exactly what is contained in the open codebase. As an operator, vendor, or regulator, you can therefore verify functionality and security yourself and make changes that match your organization or business,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"1992\" data-end=\"2028\">Rapid Handling of Vulnerabilities<\/h2>\n

<p data-start=\"2030\" data-end=\"2373\">In many cases, vulnerabilities are handled quickly in open-source communities because errors are discovered and shared openly. This gives organizations the opportunity to respond quickly, provided they have control over updates and operations. The collaborative approach makes it easier to manage and close vulnerabilities in critical systems.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 explains.","content":"

<p>\u201cI have worked with a product that was attacked, where the vulnerability affected organizations globally. We were able to resolve the situation within a couple of hours, while others spent several days. Quite simply because we could replace the product and get a fix immediately,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"2676\" data-end=\"2706\">Scalability and Flexibility<\/h2>\n

<p data-start=\"2708\" data-end=\"3001\">With open source combined with a loosely coupled architecture, parts of the system landscape can be adjusted without replacing entire platforms. This enables energy-sector organizations to quickly scale and adapt solutions to changing needs in a sector where requirements are evolving rapidly.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 explains.","content":"

<p>\u201cI have worked with a product that was attacked, where the vulnerability affected organizations globally. We were able to resolve the situation within a couple of hours, while others spent several days. Quite simply because we could replace the product and get a fix immediately,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"3408\" data-end=\"3426\">Cost Efficiency<\/h2>\n

<p data-start=\"3428\" data-end=\"3681\">When using open source for OT solutions, you can reduce licensing costs and redirect more resources from licenses to development and operations. At the same time, functionality can be implemented quickly by selecting and configuring existing components.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 states.","content":"

<p>\u201dYou gain access to extensive functionality at a low cost because you do not have to pay licenses or struggle through vendor negotiations about IP and contractual obligations,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 data-start=\"3878\" data-end=\"3916\">Shared Innovation and Collaboration<\/h2>\n

<p data-start=\"3918\" data-end=\"4140\">Open source creates opportunities for joint development across the energy sector. When multiple organizations collaborate on shared components, they can share costs, reduce duplicate work, and develop new solutions faster.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 says.","content":"

<p>\u201dIt is valuable because we collaborate on a voluntary basis and find interesting solutions to problems that are specific to the energy sector, but not unique to the individual vendor,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"4343\" data-end=\"4648\">The changes and new functionality that emerge from this collaboration can be implemented much faster, as organizations are not dependent on the development cycles of commercial vendors. At the same time, shared components reduce duplication and accelerate integration across countries and infrastructures.<\/p>\n

<h2 data-start=\"4650\" data-end=\"4702\">Better Compliance with Cybersecurity Requirements<\/h2>\n

<p data-start=\"4704\" data-end=\"4992\">With access to the source code, it becomes easier to ensure that a solution meets specific security requirements and can adapt to new threats. More eyes on critical code also reduce errors and vulnerabilities - an important quality in OT, where the consequences of failures can be severe.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 says.","content":"

<p>\u201dWith open source, you have insight into the codebase and can comply with security requirements in a completely different way than with commercial providers,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"5169\" data-end=\"5249\">This provides a stronger foundation for documentation to authorities and boards.<\/p>\n

<h2 data-start=\"5251\" data-end=\"5276\">Demystifying the Risks<\/h2>\n

<p data-start=\"5278\" data-end=\"5619\">Using open source may seem controversial because operational requirements are extremely high when it comes to security of supply and critical infrastructure. However, some overlook the fact that open source is already the standard in global software development, and that most commercial products are already built on open-source components.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Andr\u00e9 emphasizes.","content":"

<p>\u201dOpen source is already part of the majority of modern software. For many organizations, the question is therefore not whether they use open source, but how they do so responsibly,\u201d<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"5825\" data-end=\"5988\">The increasing complexity of energy systems requires collaboration across organizations and vendors, which is why open source is becoming increasingly unavoidable.<\/p>\n

<p data-start=\"5990\" data-end=\"6301\" data-is-last-node=\"\" data-is-only-node=\"\">Open source is not the easiest path. The approach requires expertise, governance, and clear operating models. But for energy companies that want flexibility and strategic independence in their OT landscape, it can be an effective way to gain control over their system landscape, risks, and vendor relationships.<\/p>","margin":"default"}}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/open-source-in-ot-a-strategic-choice-for-the-energy-solutions-of-the-future/">Open Source in OT: A Strategic Choice for the Energy Solution of the Future</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How to Create High-Performing Software Teams with Team Topologies</title>
		<link>https://mjolner.dk/en/blog/project-management-en/team-topologies/</link>
		
		<dc:creator><![CDATA[aidup]]></dc:creator>
		<pubDate>Thu, 27 Mar 2025 07:47:17 +0000</pubDate>
				<category><![CDATA[Project Management]]></category>
		<category><![CDATA[Efficiency]]></category>
		<category><![CDATA[Organizational Structure]]></category>
		<category><![CDATA[Team Composition]]></category>
		<guid isPermaLink="false">https://mjolner.dk/uncategorized/team-topologies/</guid>

					<description><![CDATA[<p>How to create high-performing software teams with team topologies From hero culture to team flow Has the IT industry created a culture where individual achievements are celebrated? Where the so-called 10x developers are crucial to a project&#8217;s success? And is it even appropriate for a few individuals to bear the great responsibility? Team Topologies points [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/project-management-en/team-topologies/">How to Create High-Performing Software Teams with Team Topologies</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>How to create high-performing software teams with team topologies</h1>
<h1>
<h4>From hero culture to team flow</h4>
</h1>
<div>
<p><strong>Has the IT industry created a culture where individual achievements are celebrated? Where the so-called 10x developers are crucial to a project&#8217;s success? And is it even appropriate for a few individuals to bear the great responsibility? Team Topologies points out that teams are the core of delivering high-quality products efficiently.</strong></p>
</div>
<div>
<p><span>Imagine a software team where much depends on one superstar developer. When they go on vacation, uncertainty arises in the team, colleagues feel pressured, and errors creep into the code. This is a clear sign of a vulnerable team structure – and precisely the problem that<em> Team Topologies</em> aims to solve.</span></p>
<p><span data-contrast="auto">In this blog post, we explore the principles of </span><a href="https://teamtopologies.com/"><span data-contrast="none">Team Topologies</span></a><span data-contrast="auto"> and look at the significance of team interactions for software architecture. <a href="https://mjolner.dk/en/team/henning-bottger/">Henning Böttger</a> is a Senior Software Architect at Mjølner, and he provides specific suggestions on how to make a team effective. It is about designing our teams to promote collaboration, reduce friction, and maintain sustainable productivity. And it is necessary to manage cognitive load if you want to create high-performing teams.</span></p>
<p><span>You can also watch Henning&#8217;s entire lecture on the topic at the bottom of this page.</span></p>
</div>
<div>
<h2>The socio-technical aspects of teams according to team topologies</h2>
<p>To understand why some teams perform better than others, it is necessary to examine the socio-technical dynamics that affect team efficiency. This involves both human collaboration patterns and the technical structures that shape software development.</p>
<p>Effective team design, as mentioned, is about more than just assembling skilled individuals. The way teams interact determines their ability to deliver value efficiently. Team Topologies introduces a structured approach to organizing teams based on their function and communication patterns.</p>
<p>Instead of relying on a hero culture, where individual members bear a disproportionate burden, organizations should focus on building autonomous teams with clear responsibilities and fewer dependencies. This approach leads to more predictable outcomes and a sustainable development pace. As Henning points out, focusing on individuals rather than the team can create a negative spiral:</p>
</div>
<blockquote>
<p><span>“We can develop a hero culture where certain individuals always step in to save the day. This creates a self-reinforcing effect where the heroes become smarter and more important, while the rest of the team does not develop in the same way.”</span></p>
</blockquote>
<p><iframe src="https://www.youtube.com/watch?v=HWegFjtzKJM"></iframe></p>
<div>
<h2><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW193339514 BCX0"><span class="NormalTextRun SpellingErrorV2Themed SCXW193339514 BCX0">Conway&#8217;s</span><span class="NormalTextRun SCXW193339514 BCX0"> law: The hidden Blueprint for software design</span></span><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW193339514 BCX0"><span class="NormalTextRun SCXW193339514 BCX0"> </span></span><span class="EOP SCXW193339514 BCX0" data-ccp-props="{}"> </span></h2>
<p><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW85788438 BCX0"><span class="NormalTextRun SCXW85788438 BCX0"><span>One of the most fundamental concepts in team organization is Conway&#8217;s Law, based on Melvin E. Conway&#8217;s groundbreaking 1967 article:</span> &#8220;</span></span><a class="Hyperlink SCXW85788438 BCX0" href="https://www.melconway.com/Home/pdf/committees.pdf" target="_blank" rel="noreferrer noopener"><span data-contrast="none" xml:lang="DA-DK" lang="DA-DK" class="TextRun Underlined SCXW85788438 BCX0"><span class="NormalTextRun SCXW85788438 BCX0" data-ccp-charstyle="Hyperlink">How Do </span><span class="NormalTextRun SCXW85788438 BCX0" data-ccp-charstyle="Hyperlink">Committees</span><span class="NormalTextRun SCXW85788438 BCX0" data-ccp-charstyle="Hyperlink"> </span><span class="NormalTextRun SCXW85788438 BCX0" data-ccp-charstyle="Hyperlink">Invent</span><span class="NormalTextRun SCXW85788438 BCX0" data-ccp-charstyle="Hyperlink">?</span></span></a>&#8220;<span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW85788438 BCX0"><span class="NormalTextRun SCXW85788438 BCX0"> <span>The law states that the way teams communicate and interact influences the architecture of the systems they create. When organizations are divided into silos, their software will reflect that division, often leading to inefficiency and fragmented systems. Henning points out the importance of being aware of this correlation:</span></span></span></p>
</div>
<blockquote>
<p><span>“If the organization&#8217;s structure and the architecture are at odds, the organization always wins. This means that even the best architectural ambitions can be undermined by poorly designed teams.”</span></p>
</blockquote>
<div>
<p><span>Conversely, organizations that deliberately design their team structures to support the desired architectural outcomes can create scalable and maintainable software. Instead of trying to fix software problems after they arise, companies should focus on improving team communication and alignment first, as this will naturally lead to better systems.</span></p>
</div>
<div>
<h2><span class="EOP SCXW193339514 BCX0" data-ccp-props="{}"><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW200664648 BCX0"><span class="NormalTextRun SCXW200664648 BCX0">Dunbar&#8217;s number: Why small teams work best</span></span></span></h2>
<p>A team&#8217;s efficiency is also influenced by Dunbar&#8217;s number, which suggests that humans can only maintain strong, trust-based relationships with a limited number of people. In the 1990s, British anthropologist and evolutionary psychologist Robin Dunbar discovered a correlation between brain size and group size in primates. He hypothesized that humans have a cognitive limit to the number of social relationships we can manage effectively.</p>
<p>For software teams, this means that smaller, closely-knit groups are more effective at communicating and solving complex problems. Dunbar&#8217;s number for larger networks is estimated to be around 150, while for close and trust-based groups, it is between 5-15. Henning describes it like this:</p>
</div>
<p><img decoding="async" src="https://upload.wikimedia.org/wikipedia/commons/a/a8/DunbarsNumber.png" alt="Diagram representing different quantities of stable social relationships, with Dunbar's Number, 150, in the center."></p>
<div>
<p>Source: <a href="https://commons.wikimedia.org/wiki/File:DunbarsNumber.png#Summary">Wikimedia Commons</a></p>
</div>
<blockquote>
<p><span>“We know that high-performance teams need trust. Therefore, we should keep teams small and closely-knit so they can function without unnecessary dependencies.”</span></p>
</blockquote>
<div>
<p>When teams become too large, coordination becomes more difficult, collaboration weakens, and the decision-making process slows down. This is why many high-performing organizations limit team sizes and ensure that each team remains small enough to function effectively without unnecessary bureaucracy or friction.</p>
<p>For example, Amazon has implemented the famous “two-pizza rule,” where each development team should be small enough to be fed by two family-sized pizzas – typically 6-10 people. Small, autonomous teams make it easier to adapt to changes and reduce dependencies, ensuring that the software architecture remains flexible and modular.</p>
</div>
<div>
<h2>Managing cognitive load for maximum efficiency</h2>
<p><span>In addition to team size and communication patterns, another critical factor in productivity is cognitive load – the total mental effort required to perform a task. When developers are overwhelmed by complex systems, inefficient processes, or excessive responsibilities, productivity decreases. Henning reflects on how it can feel as a developer to hit a mental wall:</span></p>
</div>
<blockquote>
<p><span>“I often sit and think: Why is this so hard? I know the technology, but there is so much friction in the test environment and processes that I become mentally drained. This is what happens when cognitive load becomes too high.”</span></p>
</blockquote>
<div>
<p><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW42750738 BCX0"><span class="NormalTextRun SCXW42750738 BCX0"><span>To reduce cognitive load, one should limit the team&#8217;s area of responsibility (bounded contexts). This involves setting clear boundaries so that a single team is not involved in too many domains or technologies – this can be achieved through</span> </span></span><a class="Hyperlink SCXW42750738 BCX0" href="https://mjolner.dk/en/?p=18264" target="_blank" rel="noreferrer noopener"><span data-contrast="none" xml:lang="DA-DK" lang="DA-DK" class="TextRun Underlined SCXW42750738 BCX0"><span class="NormalTextRun SCXW42750738 BCX0" data-ccp-charstyle="Hyperlink">Domain-Driven Design</span></span></a><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW42750738 BCX0"><span class="NormalTextRun SCXW42750738 BCX0">, <span>where a team can focus on one value stream.</span></span></span></p>
</div>
<div>
<h2><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW93031069 BCX0"><span class="NormalTextRun SCXW93031069 BCX0">Structuring and Designing teams for High performance </span></span><span class="EOP SCXW93031069 BCX0" data-ccp-props="{}"> </span></h2>
<p><span>In addition to reducing cognitive load, it is crucial that individual teams are designed according to their specific purpose. With a clear understanding of socio-technical dynamics, organizations can structure their teams more effectively. Team Topologies describes four central team types:</span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Streamlined teams</span></b><span data-contrast="auto"> – Responsible for delivering end-to-end business value and owning specific features or domains. </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Enabling teams</span></b><span data-contrast="auto"> – Help streamlined teams acquire new skills, such as DevOps practices or security expertise. </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Platform teams</span></b><span data-contrast="auto"> – Maintain shared infrastructure and reduce the operational burden for development teams. </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Complicated subsystem teams</span></b><span data-contrast="auto"> – Handle specialized, complex components that require deep technical expertise. </span></li>
</ul>
<p><span>A well-organized team structure is not only about defining team types but also about how the individual teams collaborate. Team Topologies identifies three primary interaction modes:</span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="5" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto"><b>Collaboration </b>– Teams work closely together when solving new or complex problems. </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto"><b>Facilitation </b>– One team helps another develop new competencies and then steps back. </span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="7" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Access-as-a-Service</span></b><span data-contrast="auto"> – Teams interact with minimal direct communication via well-defined APIs or automated processes. </span><span data-ccp-props="{}"> </span></li>
</ul>
<p><span>Although clear communication and good collaboration are parameters that can be perceived as &#8220;soft&#8221; and difficult to measure, they can have a decisive impact on the business and the bottom line. As Henning puts it:</span></p>
</div>
<blockquote>
<p><span>“We can have the best processes on paper, but if teams do not communicate effectively or have the right structure, everything falls apart.”</span></p>
</blockquote>
<div>
<h2><span class="EOP SCXW166025125 BCX0" data-ccp-props="{}">Take the step from theory to practice with team topologies</span></h2>
<p><span data-ccp-props="{}">Team Topologies shows us that success in software development is not just about talent, but also about structure. By designing teams with clear roles, reducing cognitive load, and understanding the interaction between people and technology, organizations can create more effective and sustainable development teams. </span></p>
<p><span>Whether you work in a large company or a startup, small changes in team organization can have a big impact. You can start by mapping your dependencies, identifying bottlenecks, and considering how team design can support your architecture rather than hinder it. Perhaps Team Topologies can help you create better collaboration and more robust systems.</span></p>
</div>
<blockquote>
<p><span>“This is not about a revolution, but about small, meaningful adjustments that can make a huge difference.”</span></p>
<footer>
<p>                <cite><a href="https://www.linkedin.com/in/henningboettger/">Henning Böttger</a></cite></p>
</footer>
</blockquote>
<p><iframe src="https://www.youtube.com/watch?v=9j5OTNWes6I"></iframe></p>
<p><span id="more-18522"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"How to create high-performing software teams with team topologies","title_element":"h1"}},{"type":"headline","props":{"content":"

<h4>From hero culture to team flow<\/h4>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>Has the IT industry created a culture where individual achievements are celebrated? Where the so-called 10x developers are crucial to a project's success? And is it even appropriate for a few individuals to bear the great responsibility? Team Topologies points out that teams are the core of delivering high-quality products efficiently.<\/strong><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><span>Imagine a software team where much depends on one superstar developer. When they go on vacation, uncertainty arises in the team, colleagues feel pressured, and errors creep into the code. This is a clear sign of a vulnerable team structure \u2013 and precisely the problem that<em> Team Topologies<\/em> aims to solve.<\/span><\/p>\n

<p><span data-contrast=\"auto\">In this blog post, we explore the principles of <\/span><a href=\"https:\/\/teamtopologies.com\/\"><span data-contrast=\"none\">Team Topologies<\/span><\/a><span data-contrast=\"auto\"> and look at the significance of team interactions for software architecture. <a href=\"https:\/\/mjolner.dk\/team\/henning-bottger\/\">Henning B\u00f6ttger<\/a> is a Senior Software Architect at Mj\u00f8lner, and he provides specific suggestions on how to make a team effective. It is about designing our teams to promote collaboration, reduce friction, and maintain sustainable productivity. And it is necessary to manage cognitive load if you want to create high-performing teams.<\/span><\/p>\n

<p><span>You can also watch Henning's entire lecture on the topic at the bottom of this page.<\/span><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>The socio-technical aspects of teams according to team topologies<\/h2>\n

<p>To understand why some teams perform better than others, it is necessary to examine the socio-technical dynamics that affect team efficiency. This involves both human collaboration patterns and the technical structures that shape software development.<\/p>\n

<p>Effective team design, as mentioned, is about more than just assembling skilled individuals. The way teams interact determines their ability to deliver value efficiently. Team Topologies introduces a structured approach to organizing teams based on their function and communication patterns.<\/p>\n

<p>Instead of relying on a hero culture, where individual members bear a disproportionate burden, organizations should focus on building autonomous teams with clear responsibilities and fewer dependencies. This approach leads to more predictable outcomes and a sustainable development pace. As Henning points out, focusing on individuals rather than the team can create a negative spiral:<\/p>","margin":"medium"}},{"type":"quotation","props":{"content":"

<p><span>\u201cWe can develop a hero culture where certain individuals always step in to save the day. This creates a self-reinforcing effect where the heroes become smarter and more important, while the rest of the team does not develop in the same way.\u201d<\/span><\/p>"}},{"type":"video","props":{"margin":"large","text_align":"center","video":"https:\/\/www.youtube.com\/watch?v=HWegFjtzKJM","video_controls":true,"video_width":"800"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW193339514 BCX0\"><span class=\"NormalTextRun SpellingErrorV2Themed SCXW193339514 BCX0\">Conway's<\/span><span class=\"NormalTextRun SCXW193339514 BCX0\"> law: The hidden Blueprint for software design<\/span><\/span><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW193339514 BCX0\"><span class=\"NormalTextRun SCXW193339514 BCX0\">\u202f<\/span><\/span><span class=\"EOP SCXW193339514 BCX0\" data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n

<p><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW85788438 BCX0\"><span class=\"NormalTextRun SCXW85788438 BCX0\"><span>One of the most fundamental concepts in team organization is Conway's Law, based on Melvin E. Conway's groundbreaking 1967 article:<\/span> \"<\/span><\/span><a class=\"Hyperlink SCXW85788438 BCX0\" href=\"https:\/\/www.melconway.com\/Home\/pdf\/committees.pdf\" target=\"_blank\" rel=\"noreferrer noopener\"><span data-contrast=\"none\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun Underlined SCXW85788438 BCX0\"><span class=\"NormalTextRun SCXW85788438 BCX0\" data-ccp-charstyle=\"Hyperlink\">How Do <\/span><span class=\"NormalTextRun SCXW85788438 BCX0\" data-ccp-charstyle=\"Hyperlink\">Committees<\/span><span class=\"NormalTextRun SCXW85788438 BCX0\" data-ccp-charstyle=\"Hyperlink\"> <\/span><span class=\"NormalTextRun SCXW85788438 BCX0\" data-ccp-charstyle=\"Hyperlink\">Invent<\/span><span class=\"NormalTextRun SCXW85788438 BCX0\" data-ccp-charstyle=\"Hyperlink\">?<\/span><\/span><\/a>\"<span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW85788438 BCX0\"><span class=\"NormalTextRun SCXW85788438 BCX0\"> <span>The law states that the way teams communicate and interact influences the architecture of the systems they create. When organizations are divided into silos, their software will reflect that division, often leading to inefficiency and fragmented systems. Henning points out the importance of being aware of this correlation:<\/span><\/span><\/span><\/p>","margin":"default"}},{"type":"quotation","props":{"content":"

<p><span>\u201cIf the organization's structure and the architecture are at odds, the organization always wins. This means that even the best architectural ambitions can be undermined by poorly designed teams.\u201d<\/span><\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><span>Conversely, organizations that deliberately design their team structures to support the desired architectural outcomes can create scalable and maintainable software. Instead of trying to fix software problems after they arise, companies should focus on improving team communication and alignment first, as this will naturally lead to better systems.<\/span><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><span class=\"EOP SCXW193339514 BCX0\" data-ccp-props=\"{}\"><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW200664648 BCX0\"><span class=\"NormalTextRun SCXW200664648 BCX0\">Dunbar's number: Why small teams work best<\/span><\/span><\/span><\/h2>\n

<p>A team's efficiency is also influenced by Dunbar's number, which suggests that humans can only maintain strong, trust-based relationships with a limited number of people. In the 1990s, British anthropologist and evolutionary psychologist Robin Dunbar discovered a correlation between brain size and group size in primates. He hypothesized that humans have a cognitive limit to the number of social relationships we can manage effectively.<\/p>\n

<p>For software teams, this means that smaller, closely-knit groups are more effective at communicating and solving complex problems. Dunbar's number for larger networks is estimated to be around 150, while for close and trust-based groups, it is between 5-15. Henning describes it like this:<\/p>","margin":"medium"}},{"type":"image","props":{"image":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/a\/a8\/DunbarsNumber.png","image_alt":"Diagram representing different quantities of stable social relationships, with Dunbar's Number, 150, in the center.","image_border":"rounded","image_svg_color":"emphasis","image_width":800,"margin":"default","text_align":"center"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>Source: <a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:DunbarsNumber.png#Summary\">Wikimedia Commons<\/a><\/p>","margin":"medium","margin_remove_top":true,"text_align":"center"}},{"type":"quotation","props":{"content":"

<p><span>\u201cWe know that high-performance teams need trust. Therefore, we should keep teams small and closely-knit so they can function without unnecessary dependencies.\u201d<\/span><\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>When teams become too large, coordination becomes more difficult, collaboration weakens, and the decision-making process slows down. This is why many high-performing organizations limit team sizes and ensure that each team remains small enough to function effectively without unnecessary bureaucracy or friction.<\/p>\n

<p>For example, Amazon has implemented the famous \u201ctwo-pizza rule,\u201d where each development team should be small enough to be fed by two family-sized pizzas \u2013 typically 6-10 people. Small, autonomous teams make it easier to adapt to changes and reduce dependencies, ensuring that the software architecture remains flexible and modular.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Managing cognitive load for maximum efficiency<\/h2>\n

<p><span>In addition to team size and communication patterns, another critical factor in productivity is cognitive load \u2013 the total mental effort required to perform a task. When developers are overwhelmed by complex systems, inefficient processes, or excessive responsibilities, productivity decreases. Henning reflects on how it can feel as a developer to hit a mental wall:<\/span><\/p>","margin":"medium"}},{"type":"quotation","props":{"content":"

<p><span>\u201cI often sit and think: Why is this so hard? I know the technology, but there is so much friction in the test environment and processes that I become mentally drained. This is what happens when cognitive load becomes too high.\u201d<\/span><\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW42750738 BCX0\"><span class=\"NormalTextRun SCXW42750738 BCX0\"><span>To reduce cognitive load, one should limit the team's area of responsibility (bounded contexts). This involves setting clear boundaries so that a single team is not involved in too many domains or technologies \u2013 this can be achieved through<\/span> <\/span><\/span><a class=\"Hyperlink SCXW42750738 BCX0\" href=\"https:\/\/mjolner.dk\/en\/?p=18264\" target=\"_blank\" rel=\"noreferrer noopener\"><span data-contrast=\"none\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun Underlined SCXW42750738 BCX0\"><span class=\"NormalTextRun SCXW42750738 BCX0\" data-ccp-charstyle=\"Hyperlink\">Domain-Driven Design<\/span><\/span><\/a><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW42750738 BCX0\"><span class=\"NormalTextRun SCXW42750738 BCX0\">, <span>where a team can focus on one value stream.<\/span><\/span><\/span><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW93031069 BCX0\"><span class=\"NormalTextRun SCXW93031069 BCX0\">Structuring and Designing teams for High performance\u202f<\/span><\/span><span class=\"EOP SCXW93031069 BCX0\" data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n

<p><span>In addition to reducing cognitive load, it is crucial that individual teams are designed according to their specific purpose. With a clear understanding of socio-technical dynamics, organizations can structure their teams more effectively. Team Topologies describes four central team types:<\/span><\/p>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Streamlined teams<\/span><\/b><span data-contrast=\"auto\"> \u2013 Responsible for delivering end-to-end business value and owning specific features or domains.\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Enabling teams<\/span><\/b><span data-contrast=\"auto\"> \u2013 Help streamlined teams acquire new skills, such as DevOps practices or security expertise.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Platform teams<\/span><\/b><span data-contrast=\"auto\"> \u2013 Maintain shared infrastructure and reduce the operational burden for development teams.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"4\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Complicated subsystem teams<\/span><\/b><span data-contrast=\"auto\"> \u2013 Handle specialized, complex components that require deep technical expertise.\u00a0<\/span><\/li>\n<\/ul>\n

<p><span>A well-organized team structure is not only about defining team types but also about how the individual teams collaborate. Team Topologies identifies three primary interaction modes:<\/span><\/p>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\"><b>Collaboration <\/b>\u2013 Teams work closely together when solving new or complex problems.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\"><b>Facilitation <\/b>\u2013 One team helps another develop new competencies and then steps back.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Access-as-a-Service<\/span><\/b><span data-contrast=\"auto\"> \u2013 Teams interact with minimal direct communication via well-defined APIs or automated processes.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<p><span>Although clear communication and good collaboration are parameters that can be perceived as \"soft\" and difficult to measure, they can have a decisive impact on the business and the bottom line. As Henning puts it:<\/span><\/p>","margin":"medium"}},{"type":"quotation","props":{"content":"

<p><span>\u201cWe can have the best processes on paper, but if teams do not communicate effectively or have the right structure, everything falls apart.\u201d<\/span><\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><span class=\"EOP SCXW166025125 BCX0\" data-ccp-props=\"{}\">Take the step from theory to practice with team topologies<\/span><\/h2>\n

<p><span data-ccp-props=\"{}\">Team Topologies shows us that success in software development is not just about talent, but also about structure. By designing teams with clear roles, reducing cognitive load, and understanding the interaction between people and technology, organizations can create more effective and sustainable development teams. <\/span><\/p>\n

<p><span>Whether you work in a large company or a startup, small changes in team organization can have a big impact. You can start by mapping your dependencies, identifying bottlenecks, and considering how team design can support your architecture rather than hinder it. Perhaps Team Topologies can help you create better collaboration and more robust systems.<\/span><\/p>","margin":"medium"}},{"type":"quotation","props":{"author":"Henning B\u00f6ttger","content":"

<p><span>\u201cThis is not about a revolution, but about small, meaningful adjustments that can make a huge difference.\u201d<\/span><\/p>","link":"https:\/\/www.linkedin.com\/in\/henningboettger\/","link_target":true}},{"type":"video","props":{"margin":"large","text_align":"center","video":"https:\/\/www.youtube.com\/watch?v=9j5OTNWes6I","video_controls":true,"video_width":"800"}}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/project-management-en/team-topologies/">How to Create High-Performing Software Teams with Team Topologies</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Rapid prototyping</title>
		<link>https://mjolner.dk/en/blog/embedded-en/rapid-prototyping/</link>
		
		<dc:creator><![CDATA[aidup]]></dc:creator>
		<pubDate>Wed, 12 Mar 2025 07:07:48 +0000</pubDate>
				<category><![CDATA[Embedded]]></category>
		<category><![CDATA[Manufacturing]]></category>
		<category><![CDATA[Project Management]]></category>
		<category><![CDATA[Device prototyping]]></category>
		<category><![CDATA[Software Development]]></category>
		<category><![CDATA[Softwareudviklingsprocessen]]></category>
		<guid isPermaLink="false">https://mjolner.dk/uncategorized/rapid-prototyping/</guid>

					<description><![CDATA[<p>Test your business idea quickly and cost-effectively with rapid prototyping As a decision-maker, building a prototype may seem like a significant investment. What if the product never reaches the market? Would that money be wasted? The reality is that with off-the-shelf components and open-source platforms, you can minimize both time and costs. And even if [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/embedded-en/rapid-prototyping/">Rapid prototyping</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>Test your business idea quickly and cost-effectively with rapid prototyping</h1>
<div>
<p data-start="0" data-end="234"><strong>As a decision-maker, building a prototype may seem like a significant investment. What if the product never reaches the market? Would that money be wasted? </strong><strong>The reality is that with off-the-shelf components and open-source platforms, you can minimize both time and costs. And even if the idea never becomes a final product, rapid prototyping remains a fast and affordable way to refine your business strategy and make better decisions.</strong></p>
<p data-start="518" data-end="666" data-is-last-node="" data-is-only-node="">Bent Bisballe Nyeng is a Senior Embedded Solution Architect at Mjølner. We asked him about the benefits of rapid prototyping and how to get started.</p>
</div>
<div>
<h2 data-start="0" data-end="56">How to Test a Business Idea with Rapid Prototyping</h2>
<p data-start="58" data-end="303">So, you want to test a business idea using rapid prototyping? Well, the obvious answer is to call Mjølner! Jokes aside, at Mjølner, we follow a three-phase approach to rapid prototyping, where we assess at each stage whether to proceed or not.</p>
<p data-start="305" data-end="561">We apply a &#8220;Fail Early&#8221; strategy, identifying errors and challenges as soon as possible—so we can learn from them quickly. The goal is to minimize risk, reduce costs, and improve the prototype before too many resources are spent on a failed idea.</p>
<p data-start="563" data-end="608"><strong data-start="568" data-end="606">Phase 1: Technological Feasibility</strong></p>
<p data-start="609" data-end="896">At this stage, we focus on assessing the technology rather than optimizing every detail. Factors like power consumption are less important. We use standard components to avoid expensive custom solutions. The goal is to quickly determine whether the chosen technology is viable.</p>
<p><strong data-start="903" data-end="943">Phase 2: Refinement and Optimization</strong></p>
<p data-start="946" data-end="1221">Here, we take a more detailed approach, evaluating each component alongside the software. Can we adjust parameters to lower power consumption? Software often plays a key role in this phase. The objective is to qualify and refine the prototype before moving forward.</p>
<p data-start="1223" data-end="1267"><strong data-start="1228" data-end="1265">Phase 3: Pre-Production Prototype</strong></p>
<p data-start="1268" data-end="1531">Now, we start working towards a production-ready prototype. This advanced prototype closely resembles the final product in design, functionality, and materials. It is used to test and validate the production process before scaling up to mass production.</p>
<p data-start="1585" data-end="1825">The strength of our approach is that the testing phase carries low risk. We stay in close collaboration with the customer throughout the process, continuously assessing whether to move forward or halt development if necessary.</p>
<p data-start="1827" data-end="1959" data-is-last-node="" data-is-only-node="">By failing early, learning fast, and iterating efficiently, we help businesses turn ideas into reality &#8211; without unnecessary risk.</p>
</div>
<p><iframe src="https://www.youtube.com/watch?v=UP6NYCX9uqc"></iframe></p>
<div>
<p style="text-align: center;"><strong>Watch Bent Bisballes introduction and example of a rapid prototyping course. </strong></p>
</div>
<div>
<h2><i><span data-contrast="auto">Why use rapid prototyping in embedded?</span></i><span data-ccp-props="{}"> </span></h2>
<p data-start="71" data-end="280">Starting a large project from scratch can be an expensive and risky endeavor. It often requires significant investments in both time and resources before you even know whether the solution works as expected.</p>
<p data-start="282" data-end="554">An effective way to minimize this risk is to carry out a rapid prototyping process before committing to the entire project. A rapid prototype allows you to quickly test ideas, validate concepts, and identify potential challenges &#8211; all without a major financial investment.</p>
<p><span data-contrast="auto">Here are some good reasons for using rapid prototyping: </span><span data-ccp-props="{&quot;335559685&quot;:360,&quot;335559991&quot;:360}"> </span></p>
<ol>
<li><b><span data-contrast="auto">Faster Time-to-Market</span></b><span> <br /></span><span class="NormalTextRun SCXW40875403 BCX0" data-ccp-parastyle="List Number">With rapid prototyping, you can test and improve ideas quickly. This means that your company can bring products to market faster than competitors, gaining a strategic advantage in industries with rapid technological development.
<p></span></li>
<li><b><span data-contrast="auto">Lower Development Costs</span></b><span><br /></span><span data-ccp-props="{}"><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW114604209 BCX0"><span class="NormalTextRun SCXW114604209 BCX0" data-ccp-parastyle="List Number">Instead of investing in custom-developed hardware and software from the start, standard components can be used to test concepts. This saves money and reduces the risk of misinvestments in failed ideas.
<p></span></span> </span></li>
<li><b><span data-contrast="auto">Better Decision-Making</span></b><span><br /></span><span data-ccp-props="{}"><span data-contrast="auto" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW22857083 BCX0"><span class="NormalTextRun SCXW22857083 BCX0" data-ccp-parastyle="List Number">A physical prototype makes it easier to assess the potential of a product. It can be difficult to understand an idea solely from a PowerPoint presentation—but a functioning prototype provides a concrete foundation for strategic decisions.
<p></span></span></span></li>
<li><span><b>Early Feedback from Users and Costumers</b><br /></span><span data-ccp-props="{}"><span class="NormalTextRun SCXW91740875 BCX0" data-ccp-parastyle="List Number">With a quick prototype, you can test the product idea directly with potential customers, making it easier to tailor the solution to market needs. This means fewer iterations later in development and a product that hits the mark.
<p></span> </span></li>
<li><b><span data-contrast="auto">Lower Risk by Failing Early</span></b><span> <br /></span>By identifying and solving errors early in the process, you avoid bigger and more expensive problems later on. It’s all about testing, learning, and adjusting quickly before investing too much in a solution that might not work.</li>
</ol>
</div>
<div>
<h2 data-start="0" data-end="73"><strong data-start="4" data-end="71">Can You Give a Concrete Example of an Embedded Rapid Prototype?</strong></h2>
<p data-start="57" data-end="358">We were recently contacted by a client who wanted to use technology to improve the level of service in rehabilitation. They found that their physiotherapists often visited patients who had not completed their prescribed exercises. This led to wasted time and less effective rehabilitation processes.</p>
<p data-start="360" data-end="692">The solution was a physical device that can be mounted on an exercise bike or a patient’s leg and, using machine learning, determines whether the user is running, standing, or cycling. With Long Range (LoRa) technology, we can wirelessly transmit small data packets over long distances with very low power consumption.</p>
<p data-start="694" data-end="922">One of the client&#8217;s key requirements was minimal battery maintenance—physiotherapists should not have to constantly replace batteries. The goal is for the small device to function for several years on a single battery.</p>
<p data-start="924" data-end="1408" data-is-last-node="" data-is-only-node="">The device integrates into an existing network that physiotherapists already use, providing them with an operational overview and allowing them to focus on their core tasks instead of unnecessary travel. At the same time, it was crucial that the technical solution respects the privacy of patients. The focus is on nudging rather than surveillance, ensuring that the collected data serves as a basis for constructive dialogue between patients and physiotherapists.</p>
</p>
</div>
<div>
<h2></h2>
<h2>What is your best advice to get started with rapid prototyping?</h2>
<p><span data-contrast="auto">It almost sounds like a cliché but my advice is short and sweet: &#8221; Think big, start small, learn fast&#8221;. </span></p>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><b><span data-contrast="auto">Think big</span></b><span data-contrast="auto"> – Have a clear vision of what you want to achieve, but avoid thinking too complex and specific in the beginning. Focus on the most important function that needs to be tested.</span><span data-ccp-props="{}"> </span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><b><span data-contrast="auto">Start small</span></b><span data-contrast="auto">– Use off-the-shelf hardware (e.g., Raspberry Pi, Arduino, ESP32) and open-source software to create a quick and cost-effective first version. Avoid designing custom hardware or writing too much code before testing the concept.</span></li>
</ul>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><b><span data-contrast="auto">Learn fast</span></b><span data-contrast="auto"><span data-contrast="auto"> – </span></span>Test your prototype with real users early, gather feedback, and adjust continuously. It’s better to discover mistakes now rather than later in the process.
<p data-start="175" data-end="275" data-is-last-node="" data-is-only-node="">Want to know more about rapid prototyping? Or test a concrete business idea? Then reach out to Bent!</p>
</li>
</ul>
</div>
<h3>Let&#8217;s have a chat about your next project</h3>
<div>We change and transform business ambitions into concrete, digital solutions.</div>
<div>
<h3>E-mail</h3>
</div>
<div>
<h3>Telefon</h3>
</div>
<div>
<div class="_form_41"></div>
<p><script src="https://mjolnerinformatics.activehosted.com/f/embed.php?id=41" charset="utf-8"></script>
</div>
<p><span id="more-18262"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"Test your business idea quickly and cost-effectively with rapid prototyping","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p data-start=\"0\" data-end=\"234\"><strong>As a decision-maker, building a prototype may seem like a significant investment. What if the product never reaches the market? Would that money be wasted? <\/strong><strong>The reality is that with off-the-shelf components and open-source platforms, you can minimize both time and costs. And even if the idea never becomes a final product, rapid prototyping remains a fast and affordable way to refine your business strategy and make better decisions.<\/strong><\/p>\n

<p data-start=\"518\" data-end=\"666\" data-is-last-node=\"\" data-is-only-node=\"\">Bent Bisballe Nyeng is a Senior Embedded Solution Architect at Mj\u00f8lner. We asked him about the benefits of rapid prototyping and how to get started.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><\/p>\n

<h2 data-start=\"0\" data-end=\"56\">How to Test a Business Idea with Rapid Prototyping<\/h2>\n

<p data-start=\"58\" data-end=\"303\">So, you want to test a business idea using rapid prototyping? Well, the obvious answer is to call Mj\u00f8lner! Jokes aside, at Mj\u00f8lner, we follow a three-phase approach to rapid prototyping, where we assess at each stage whether to proceed or not.<\/p>\n

<p data-start=\"305\" data-end=\"561\">We apply a \"Fail Early\" strategy, identifying errors and challenges as soon as possible\u2014so we can learn from them quickly. The goal is to minimize risk, reduce costs, and improve the prototype before too many resources are spent on a failed idea.<\/p>\n

<p data-start=\"563\" data-end=\"608\"><strong data-start=\"568\" data-end=\"606\">Phase 1: Technological Feasibility<\/strong><\/p>\n

<p data-start=\"609\" data-end=\"896\">At this stage, we focus on assessing the technology rather than optimizing every detail. Factors like power consumption are less important. We use standard components to avoid expensive custom solutions. The goal is to quickly determine whether the chosen technology is viable.<\/p>\n

<p><strong data-start=\"903\" data-end=\"943\">Phase 2: Refinement and Optimization<\/strong><\/p>\n

<p data-start=\"946\" data-end=\"1221\">Here, we take a more detailed approach, evaluating each component alongside the software. Can we adjust parameters to lower power consumption? Software often plays a key role in this phase. The objective is to qualify and refine the prototype before moving forward.<\/p>\n

<p data-start=\"1223\" data-end=\"1267\"><strong data-start=\"1228\" data-end=\"1265\">Phase 3: Pre-Production Prototype<\/strong><\/p>\n

<p data-start=\"1268\" data-end=\"1531\">Now, we start working towards a production-ready prototype. This advanced prototype closely resembles the final product in design, functionality, and materials. It is used to test and validate the production process before scaling up to mass production.<\/p>\n

<p data-start=\"1585\" data-end=\"1825\">The strength of our approach is that the testing phase carries low risk. We stay in close collaboration with the customer throughout the process, continuously assessing whether to move forward or halt development if necessary.<\/p>\n

<p data-start=\"1827\" data-end=\"1959\" data-is-last-node=\"\" data-is-only-node=\"\">By failing early, learning fast, and iterating efficiently, we help businesses turn ideas into reality - without unnecessary risk.<\/p>","margin":"default"}},{"type":"video","props":{"margin":"medium","margin_remove_bottom":true,"text_align":"center","video":"https:\/\/www.youtube.com\/watch?v=UP6NYCX9uqc","video_controls":true,"video_height":"400"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p style=\"text-align: center;\"><strong>Watch Bent Bisballes introduction and example of a rapid prototyping course.\u00a0<\/strong><\/p>","dropcap":false,"margin":"small","margin_remove_top":false}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><\/p>\n

<h2><i><span data-contrast=\"auto\">Why use rapid prototyping in embedded?<\/span><\/i><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n

<p data-start=\"71\" data-end=\"280\">Starting a large project from scratch can be an expensive and risky endeavor. It often requires significant investments in both time and resources before you even know whether the solution works as expected.<\/p>\n

<p data-start=\"282\" data-end=\"554\">An effective way to minimize this risk is to carry out a rapid prototyping process before committing to the entire project. A rapid prototype allows you to quickly test ideas, validate concepts, and identify potential challenges - all without a major financial investment.<\/p>\n

<p><span data-contrast=\"auto\">Here are some good reasons for using rapid prototyping: <\/span><span data-ccp-props=\"{&quot;335559685&quot;:360,&quot;335559991&quot;:360}\">\u00a0<\/span><\/p>\n

<ol>\n

<li><b><span data-contrast=\"auto\">Faster Time-to-Market<\/span><\/b><span>\u00a0<br \/><\/span><span class=\"NormalTextRun SCXW40875403 BCX0\" data-ccp-parastyle=\"List Number\">With rapid prototyping, you can test and improve ideas quickly. This means that your company can bring products to market faster than competitors, gaining a strategic advantage in industries with rapid technological development.<br \/><br \/><\/span><\/li>\n

<li><b><span data-contrast=\"auto\">Lower Development Costs<\/span><\/b><span><br \/><\/span><span data-ccp-props=\"{}\"><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW114604209 BCX0\"><span class=\"NormalTextRun SCXW114604209 BCX0\" data-ccp-parastyle=\"List Number\">Instead of investing in custom-developed hardware and software from the start, standard components can be used to test concepts. This saves money and reduces the risk of misinvestments in failed ideas.<br \/><br \/><\/span><\/span> <\/span><\/li>\n

<li><b><span data-contrast=\"auto\">Better Decision-Making<\/span><\/b><span><br \/><\/span><span data-ccp-props=\"{}\"><span data-contrast=\"auto\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW22857083 BCX0\"><span class=\"NormalTextRun SCXW22857083 BCX0\" data-ccp-parastyle=\"List Number\">A physical prototype makes it easier to assess the potential of a product. It can be difficult to understand an idea solely from a PowerPoint presentation\u2014but a functioning prototype provides a concrete foundation for strategic decisions.<br \/><br \/><\/span><\/span><\/span><\/li>\n

<li><span><b>Early Feedback from Users and Costumers<\/b><br \/><\/span><span data-ccp-props=\"{}\"><span class=\"NormalTextRun SCXW91740875 BCX0\" data-ccp-parastyle=\"List Number\">With a quick prototype, you can test the product idea directly with potential customers, making it easier to tailor the solution to market needs. This means fewer iterations later in development and a product that hits the mark.<br \/><br \/><\/span> <\/span><\/li>\n

<li><b><span data-contrast=\"auto\">Lower Risk by Failing Early<\/span><\/b><span>\u00a0<br \/><\/span>By identifying and solving errors early in the process, you avoid bigger and more expensive problems later on. It\u2019s all about testing, learning, and adjusting quickly before investing too much in a solution that might not work.<\/li>\n<\/ol>\n

<p><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><\/p>\n

<h2 data-start=\"0\" data-end=\"73\"><strong data-start=\"4\" data-end=\"71\">Can You Give a Concrete Example of an Embedded Rapid Prototype?<\/strong><\/h2>\n

<p data-start=\"57\" data-end=\"358\">We were recently contacted by a client who wanted to use technology to improve the level of service in rehabilitation. They found that their physiotherapists often visited patients who had not completed their prescribed exercises. This led to wasted time and less effective rehabilitation processes.<\/p>\n

<p data-start=\"360\" data-end=\"692\">The solution was a physical device that can be mounted on an exercise bike or a patient\u2019s leg and, using machine learning, determines whether the user is running, standing, or cycling. With Long Range (LoRa) technology, we can wirelessly transmit small data packets over long distances with very low power consumption.<\/p>\n

<p data-start=\"694\" data-end=\"922\">One of the client's key requirements was minimal battery maintenance\u2014physiotherapists should not have to constantly replace batteries. The goal is for the small device to function for several years on a single battery.<\/p>\n

<p data-start=\"924\" data-end=\"1408\" data-is-last-node=\"\" data-is-only-node=\"\">The device integrates into an existing network that physiotherapists already use, providing them with an operational overview and allowing them to focus on their core tasks instead of unnecessary travel. At the same time, it was crucial that the technical solution respects the privacy of patients. The focus is on nudging rather than surveillance, ensuring that the collected data serves as a basis for constructive dialogue between patients and physiotherapists.<\/p>\n

<p><\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><\/h2>\n

<h2>What is your best advice to get started with rapid prototyping?<\/h2>\n

<p><span data-contrast=\"auto\">It almost sounds like a clich\u00e9 but my advice is short and sweet: \" Think big, start small, learn fast\".\u00a0<\/span><\/p>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Think big<\/span><\/b><span data-contrast=\"auto\"> \u2013 Have a clear vision of what you want to achieve, but avoid thinking too complex and specific in the beginning. Focus on the most important function that needs to be tested.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Start small<\/span><\/b><span data-contrast=\"auto\">\u2013 Use off-the-shelf hardware (e.g., Raspberry Pi, Arduino, ESP32) and open-source software to create a quick and cost-effective first version. Avoid designing custom hardware or writing too much code before testing the concept.<\/span><\/li>\n<\/ul>\n

<ul>\n

<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:360,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;singleLevel&quot;}\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Learn fast<\/span><\/b><span data-contrast=\"auto\"><span data-contrast=\"auto\"> \u2013 <\/span><\/span>Test your prototype with real users early, gather feedback, and adjust continuously. It\u2019s better to discover mistakes now rather than later in the process.\n

<p data-start=\"175\" data-end=\"275\" data-is-last-node=\"\" data-is-only-node=\"\">Want to know more about rapid prototyping? Or test a concrete business idea? Then reach out to Bent!<\/p>\n<\/li>\n<\/ul>","margin":"default","margin_remove_bottom":true}}]}]}]},{"type":"section","props":{"header_transparent":true,"header_transparent_noplaceholder":false,"header_transparent_text_color":"dark","id":"kontakt","image_position":"center-center","overlap":false,"padding_remove_bottom":false,"padding_remove_top":false,"style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"","yooessentials_form":{"state":true,"html5validation":true,"after_submit_actions":[],"override_action_url":false,"action_method":"POST"}},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"headline","props":{"content":"Let's have a chat about your next project","title_element":"h3","title_style":"h3"}},{"type":"headline","props":{"content":"We change and transform business ambitions into concrete, digital solutions.","title_element":"div","title_style":"text-large"}},{"type":"fragment","children":[{"type":"row","props":{"layout":"1-2,1-2"},"children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"image","props":{"image_border":"rounded","image_height":"800","image_svg_color":"emphasis","image_width":"600","margin":"default"},"source":{"query":{"name":"#parent"},"props":{"image":{"filters":{"search":""},"name":"field.billede.url"}}}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"Read more","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h5"},"source":{"query":{"name":"#parent"},"props":{"title":{"filters":{"search":""},"name":"title"},"content":{"filters":{"search":""},"name":"field.titel"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","panel_link":true,"title":"E-mail","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.e_mail"},"link":{"filters":{"search":"","before":"Mailto:"},"name":"field.e_mail"}}}},{"type":"panel","props":{"content_column_breakpoint":"m","content_margin":"remove","icon_width":80,"image_align":"top","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","link_style":"default","link_text":"","margin":"default","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","panel_link":true,"title":"Telefon","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h6"},"source":{"query":{"name":"#parent"},"props":{"content":{"filters":{"search":""},"name":"field.telefon"},"link":{"filters":{"search":"","before":"Tel:"},"name":"field.telefon"}}}}]}]}],"props":{"margin":"default"}}]},{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m","width_medium":"1-2"},"children":[{"type":"html","props":{"content":"

<div class=\"_form_41\"><\/div><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>"}}]}],"props":{"column_gap":"large","layout":"1-2,1-2","margin":"remove-vertical","margin_remove_bottom":true,"width":"default"}}],"name":"[EN] - Sektion - Kontaktperson + formular","source":{"query":{"name":"medarbejdere.customTeam","arguments":{"terms":[],"category_operator":"IN","users":[],"users_operator":"IN","offset":0,"order":"date","order_direction":"DESC","id":6209}},"props":{"_condition":{"filters":{"condition":"!!"},"name":"title"}}},"formid":"6df7c2ec"}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/embedded-en/rapid-prototyping/">Rapid prototyping</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>TinyML – The Future of Intelligent Edge Solutions</title>
		<link>https://mjolner.dk/en/blog/software-development-en/tinyml-the-future-of-intelligent-edge-solutions/</link>
		
		<dc:creator><![CDATA[Laura Birkebæk]]></dc:creator>
		<pubDate>Tue, 18 Feb 2025 13:06:43 +0000</pubDate>
				<category><![CDATA[Cloud]]></category>
		<category><![CDATA[Software Development]]></category>
		<category><![CDATA[Embedded]]></category>
		<category><![CDATA[Internet of Things]]></category>
		<category><![CDATA[IT-security]]></category>
		<guid isPermaLink="false">https://mjolner.dk/uncategorized/tinyml-fremtidens-intelligente-edge-loesninger/</guid>

					<description><![CDATA[<p>TinyML – The Future of Intelligent Edge Solutions In a world where artificial intelligence (AI) traditionally requires large amounts of data processing and power, TinyML has emerged as a revolutionary technology. TinyML stands for &#8220;Tiny Machine Learning&#8221; and refers to the ability to run machine learning models on extremely small and energy-efficient devices. This technology [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/software-development-en/tinyml-the-future-of-intelligent-edge-solutions/">TinyML – The Future of Intelligent Edge Solutions</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1>TinyML – The Future of Intelligent Edge Solutions</h1>
<div>
<p><strong>In a world where artificial intelligence (AI) traditionally requires large amounts of data processing and power, TinyML has emerged as a revolutionary technology. TinyML stands for &#8220;Tiny Machine Learning&#8221; and refers to the ability to run machine learning models on extremely small and energy-efficient devices. This technology enables advanced data analysis directly on microcontrollers and edge devices without the need for a constant cloud connection.</strong></p>
<p>Mjølner&#8217;s Embedded Department recently invited a promising Danish researcher, Ph.D. student Emil Njor from DTU, to give a talk and share his knowledge in the field of TinyML. It led to an exciting technological discussion, covering tools such as compilers, models, algorithms, data, and hardware. Emil emphasized how the technology can be applied across sectors and how developments in supporting tools make it easier to develop TinyML based on existing systems. One very concrete outcome of Emil’s Ph.D. work is a framework for creating better datasets to evaluate the quality of a TinyML algorithm.</p>
</div>
<div>
<h2 aria-level="2"><span data-contrast="none">What is TinyML?</span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h2>
<p>Research in TinyML focuses on taking well-known algorithms and optimizing them so that they require minimal processing power and energy. This makes it possible to implement intelligent features in devices that were previously too limited to handle AI computations. This opens the door to a range of new applications within <strong>IoT</strong>,<strong> industrial systems</strong>,<strong> health technology</strong>,<strong> and smart products</strong>.</p>
<p>One of the major advantages of TinyML is its <strong>ultra-low power consumption</strong>, meaning that devices can run AI solutions for months or even years on a single battery charge. This is a game-changer for IoT and embedded systems, where battery life is often a significant challenge.</p>
</div>
<div>
<h2 aria-level="2"><span data-contrast="none">Embedded and TinyML: Make small devices smarter</span></h2>
<p>Embedded development at Mjølner is about creating efficient, user-friendly, and optimized systems for specialized hardware. TinyML fits perfectly into this context because it allows for the integration of machine learning directly onto small, resource-constrained devices without the need for a cloud connection or with minimal cloud dependency.</p>
</div>
<p><img decoding="async" src="/wp-content/uploads/2025/02/1N9A1648-scaled.jpg" alt="Embedded Mjølner TinyML"></p>
<div>
<h2>Why Should Companies Consider TinyML?</h2>
<p>At Mjølner, we already have projects and clients working with TinyML, but we also find that many companies are not yet ready to fully implement it. As a result, most of our client engagements start with a <strong>technology briefing</strong>, which helps identify the company’s competencies for launching TinyML projects.</p>
<p>Starting TinyML projects requires in-house <strong>technical expertise</strong>, but it also opens up exciting opportunities. With specialized knowledge in embedded resources, compiler optimization, and hardware customization, companies can create more efficient and innovative solutions, giving them a significant <strong>competitive advantage</strong>.</p>
</div>
<div>
<h3 aria-level="2"><span data-contrast="none">4 advantages with TinyML: </span><span data-ccp-props="{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}"> </span></h3>
<ul>
<li><strong>Reduce the need for constant cloud connectivity</strong>, thereby improving privacy and security, as data does not necessarily need to be transferred to the cloud.</li>
</ul>
<ul>
<li><strong>Minimize latency</strong>, as AI computations are performed directly on the device.</li>
</ul>
<ul>
<li><strong>Build robust systems</strong> that can operate even in offline environments.</li>
</ul>
<ul>
<li><strong>Save energy and resources</strong>, which impacts both operation and sustainability.</li>
</ul>
</div>
<p><img decoding="async" src="/wp-content/uploads/2025/02/1N9A1718-scaled.jpg" alt="Mjølner Embedded TinyML"></p>
<div>
<h2>We Asked the Experts: Opportunities and Limitations of TinyML</h2>
<p>The developers in our embedded department have an in-depth knowledge of TinyML and have worked with several clients to introduce it into their projects. As a result, they are well aware of the opportunities and limitations the technology brings.</p>
<h3>The Future of TinyML</h3>
<p>We are just at the beginning of TinyML&#8217;s potential. As the technology matures and more companies gain access to the necessary competencies, we will witness an explosion of new application possibilities. For businesses looking to stay ahead, now is the time to begin exploring TinyML and the advantages it can bring.</p>
<p>At Mjølner, we closely follow developments and help companies understand and implement TinyML in their solutions. Want to learn more about how TinyML can make a difference for your business?</p>
</div>
<p>
    <a href="#footer-form">Contact us for an informal conversation about the possibilities</a>
</p>
<p><span id="more-18263"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"attributes":"\n","content":"TinyML \u2013 The Future of Intelligent Edge Solutions","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>In a world where artificial intelligence (AI) traditionally requires large amounts of data processing and power, TinyML has emerged as a revolutionary technology. TinyML stands for \"Tiny Machine Learning\" and refers to the ability to run machine learning models on extremely small and energy-efficient devices. This technology enables advanced data analysis directly on microcontrollers and edge devices without the need for a constant cloud connection.<\/strong><\/p>\n

<p>Mj\u00f8lner's Embedded Department recently invited a promising Danish researcher, Ph.D. student Emil Njor from DTU, to give a talk and share his knowledge in the field of TinyML. It led to an exciting technological discussion, covering tools such as compilers, models, algorithms, data, and hardware. Emil emphasized how the technology can be applied across sectors and how developments in supporting tools make it easier to develop TinyML based on existing systems. One very concrete outcome of Emil\u2019s Ph.D. work is a framework for creating better datasets to evaluate the quality of a TinyML algorithm.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 aria-level=\"2\"><span data-contrast=\"none\">What is TinyML?<\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h2>\n

<p>Research in TinyML focuses on taking well-known algorithms and optimizing them so that they require minimal processing power and energy. This makes it possible to implement intelligent features in devices that were previously too limited to handle AI computations. This opens the door to a range of new applications within <strong>IoT<\/strong>,<strong> industrial systems<\/strong>,<strong> health technology<\/strong>,<strong> and smart products<\/strong>.<\/p>\n

<p>One of the major advantages of TinyML is its <strong>ultra-low power consumption<\/strong>, meaning that devices can run AI solutions for months or even years on a single battery charge. This is a game-changer for IoT and embedded systems, where battery life is often a significant challenge.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2 aria-level=\"2\"><span data-contrast=\"none\">Embedded and TinyML: Make small devices smarter<\/span><\/h2>\n

<p>Embedded development at Mj\u00f8lner is about creating efficient, user-friendly, and optimized systems for specialized hardware. TinyML fits perfectly into this context because it allows for the integration of machine learning directly onto small, resource-constrained devices without the need for a cloud connection or with minimal cloud dependency.<\/p>","margin":"default"}},{"type":"image","props":{"image":"wp-content\/uploads\/2025\/02\/1N9A1648-scaled.jpg","image_alt":"Embedded Mj\u00f8lner TinyML","image_border":"rounded","image_svg_color":"emphasis","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>Why Should Companies Consider TinyML?<\/h2>\n

<p>At Mj\u00f8lner, we already have projects and clients working with TinyML, but we also find that many companies are not yet ready to fully implement it. As a result, most of our client engagements start with a <strong>technology briefing<\/strong>, which helps identify the company\u2019s competencies for launching TinyML projects.<\/p>\n

<p>Starting TinyML projects requires in-house <strong>technical expertise<\/strong>, but it also opens up exciting opportunities. With specialized knowledge in embedded resources, compiler optimization, and hardware customization, companies can create more efficient and innovative solutions, giving them a significant <strong>competitive advantage<\/strong>.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h3 aria-level=\"2\"><span data-contrast=\"none\">4 advantages with TinyML: <\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h3>\n

<ul>\n

<li><strong>Reduce the need for constant cloud connectivity<\/strong>, thereby improving privacy and security, as data does not necessarily need to be transferred to the cloud.<\/li>\n<\/ul>\n

<p><\/p>\n

<ul>\n

<li><strong>Minimize latency<\/strong>, as AI computations are performed directly on the device.<\/li>\n<\/ul>\n

<p><\/p>\n

<ul>\n

<li><strong>Build robust systems<\/strong> that can operate even in offline environments.<\/li>\n<\/ul>\n

<p><\/p>\n

<ul>\n

<li><strong>Save energy and resources<\/strong>, which impacts both operation and sustainability.<\/li>\n<\/ul>","margin":"default"}},{"type":"image","props":{"image":"wp-content\/uploads\/2025\/02\/1N9A1718-scaled.jpg","image_alt":"Mj\u00f8lner Embedded TinyML","image_border":"rounded","image_svg_color":"emphasis","margin":"default","text_align":"center"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2>We Asked the Experts: Opportunities and Limitations of TinyML<\/h2>\n

<p>The developers in our embedded department have an in-depth knowledge of TinyML and have worked with several clients to introduce it into their projects. As a result, they are well aware of the opportunities and limitations the technology brings.<\/p>\n

<h3>The Future of TinyML<\/h3>\n

<p>We are just at the beginning of TinyML's potential. As the technology matures and more companies gain access to the necessary competencies, we will witness an explosion of new application possibilities. For businesses looking to stay ahead, now is the time to begin exploring TinyML and the advantages it can bring.<\/p>\n

<p>At Mj\u00f8lner, we closely follow developments and help companies understand and implement TinyML in their solutions. Want to learn more about how TinyML can make a difference for your business?<\/p>","css":"\n","margin":"default"}},{"type":"button","props":{"grid_column_gap":"small","grid_row_gap":"small","margin":"medium","text_align":"center"},"children":[{"type":"button_item","props":{"button_style":"primary","content":"Contact us for an informal conversation about the possibilities","icon_align":"left","link":"#footer-form"}}]}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/software-development-en/tinyml-the-future-of-intelligent-edge-solutions/">TinyML – The Future of Intelligent Edge Solutions</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What is Domain Driven Design?</title>
		<link>https://mjolner.dk/en/blog/project-management-en/what-is-domain-driven-design/</link>
		
		<dc:creator><![CDATA[Julie]]></dc:creator>
		<pubDate>Wed, 27 Nov 2024 13:02:28 +0000</pubDate>
				<category><![CDATA[Project Management]]></category>
		<category><![CDATA[Software Development]]></category>
		<category><![CDATA[Flexible Software Systems]]></category>
		<category><![CDATA[Software Development Process]]></category>
		<guid isPermaLink="false">https://mjolner.dk/uncategorized/hvad-er-domain-driven-design/</guid>

					<description><![CDATA[<p>What is Domain Driven Design – And what does it mean for my business? With Domain-Driven Design (DDD), you place the focus of software development on the &#8220;domain,&#8221; meaning the specific business context in which the software operates. This can give you and your business an advantage in a complex market. But what exactly is [&#8230;]</p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/project-management-en/what-is-domain-driven-design/">What is Domain Driven Design?</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></description>
										<content:encoded><![CDATA[<h1><span data-contrast="none" xml:lang="DA-DK" lang="DA-DK" class="TextRun SCXW12366669 BCX8"><span class="NormalTextRun SCXW12366669 BCX8" data-ccp-parastyle="heading 1">What is Domain Driven Design – And what does it mean for my business?</span></span></h1>
<div>
<p><strong>With Domain-Driven Design (DDD), you place the focus of software development on the &#8220;domain,&#8221; meaning the specific business context in which the software operates. This can give you and your business an advantage in a complex market. But what exactly is Domain-Driven Design, and how do you use this approach? Let’s take a closer look.</strong></p>
<p>Domain-Driven Design, or DDD, is an <a href="https://www.youtube.com/watch?v=pMuiVlnGqjk">approach to designing and developing software</a> that is deeply rooted in the company’s core area. At its core, DDD emphasizes collaboration between technical and business experts to create a shared understanding of the business domain and model software that accurately reflects it.</p>
</div>
<blockquote>
<p>&#8220;It is the developer&#8217;s, not the business&#8217;s, understanding of the problem that ends up as software. The most important task in <a href="https://ddd.academy/alberto-brandolini/">Domain-Driven Design</a> is therefore to make the implicit explicit.&#8221;</p>
<footer>
<p>                <cite>Alberto Brandolini, Strategic IT consultant and inventor of EventStorming.</cite></p>
</footer>
</blockquote>
<div>
<p>DDD is about building software that truly understands and solves the specific problems within a business. It involves breaking down complex business processes into manageable parts and creating software that mirrors these processes. By focusing on the company&#8217;s core areas, DDD ensures that the software is tailored to meet the unique needs and challenges the business faces.</p>
<p>Software that is precisely aligned with the business’s needs provides the company with much better opportunities to adapt and innovate &#8211; thus distinguishing itself from competitors. In short, DDD provides a business advantage in the market.</p>
</div>
<div>
<h2></h2>
<h2 data-start="0" data-end="80">The Competitive Advantages of DDD: Customization, Flexibility, and Precision</h2>
<p data-start="82" data-end="413">By deeply understanding and modeling the business domain, companies can use Domain-Driven Design to respond to market changes more quickly. This agility can lead to faster time-to-market for new products and services, providing businesses with a significant advantage over competitors relying on more rigid off-the-shelf solutions.</p>
<p data-start="415" data-end="532" data-is-last-node="" data-is-only-node="">Domain-Driven Design offers several benefits, making it a great choice for businesses with unique or complex needs:</p>
</div>
<ul>
<li>
<h3>🤓</h3>
<div>
<p>The software development process is closely aligned with business goals. By involving business experts in the design process, DDD helps create software that truly reflects the business domain.</p>
</div>
</li>
<li>
<h3>🤝</h3>
<div>
<p>DDD establishes a common language between technical and business-oriented teams. As a result, DDD also helps improve communication and ensures that everyone is on the same page and working towards common goals.</p>
</div>
</li>
<li>
<h3>📈</h3>
<div>
<p>By using the DDD approach to create modular and flexible software systems, it becomes easier to adapt to changes in the overall system landscape and scale the system as needed.</p>
</div>
</li>
</ul>
<div>
<p>In a world where companies are constantly striving to differentiate themselves, having software that is perfectly tailored to your business processes can be a game-changer. This allows you to achieve a level of precision and efficiency that standard solutions cannot match.</p>
<p>The close collaboration between business and technical teams also leads to better decision-making and more effective problem-solving. This collaborative approach ensures that the software not only meets the current business needs but is also able to evolve as the company grows and changes. In other words, there is a shorter path from business idea to digital action.</p>
</div>
<div>
<h2></h2>
<h2><strong>Why standard solutions aren&#8217;t always enough</strong></h2>
<p>The focus of the DDD approach on customization might sound expensive and cumbersome. Why not just use a standard system? Standard solutions like Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) are designed to meet common business needs. While they can be highly effective for many organizations, they often fall short when it comes to handling unique or complex business requirements.</p>
<p>As a business, some of the disadvantages of standard solutions can be:</p>
</div>
<ul>
<li>
<h3>🥱</h3>
<div>
<p>Limited opportunities for innovation. As a company evolves, you may find that standard solutions are not flexible enough to adapt to new requirements or changes in the company’s business model.</p>
</div>
</li>
<li>
<h3>🔁</h3>
<div>
<p>Difficult to stand out. If the core business is tied to a standard system, it becomes challenging to differentiate in the market. Other companies can easily replicate the business model, creating a tough competitive situation.</p>
</div>
</li>
<li>
<h3>⏳</h3>
<div>
<p>Inefficiency or the need for expensive customizations. Standard solutions are built for a wide range of  businesses and may not fit your specific business processes.</p>
</div>
</li>
<li>
<h3>💸</h3>
<div>
<p>Counterproductive complexity and unnecessary costs. Standard systems may include features that the company may never use, yet still pay for and maintain.</p>
</div>
</li>
</ul>
<div>
<p>At Mjølner, we have often encountered standard systems that, over the years, have been attempted to be adapted to handle processes they were never designed for. This can mean that the company becomes increasingly dependent on the system, and it may even result in the business and organization having to adapt to the system, rather than the other way around.</p>
</div>
<div>
<h2></h2>
<h2>Improvement of Quality and Maintenance with Domain-Driven Design</h2>
<p>Another important aspect of DDD is its positive impact on the quality and maintenance of software systems. By creating a clear and precise model of the business domain, DDD helps ensure that the software is built correctly from the start. Additionally, the modular nature of DDD makes it easier to maintain and update the software over time. As the system is divided into well-defined bounded contexts, changes can be made in one part of the system without affecting others.</p>
<p>DDD also promotes the use of best practices like Test-Driven Development (TDD) and Behavior-Driven Development (BDD), which further enhance the quality and reliability of the software. By thoroughly testing the software and ensuring it behaves as expected, the risk of errors is reduced, improving overall quality.</p>
<p>When it comes to long-term maintenance, DDD is an invaluable approach. By having a clear and well-defined model of the business domain, development teams can more easily understand and navigate the code &#8211; even when new developers join. This enables teams to make changes and additions without worrying about unintended consequences in other parts of the system. The clear structure and division into bounded contexts mean that each part of the system can be developed and maintained independently. This reduces complexity and enhances the system&#8217;s robustness.</p>
</div>
<div>
<h2></h2>
<h2><strong>Summary: Build Long-Lasting Software with DDD</strong></h2>
<p>Domain-Driven Design ensures that software remains relevant and effective over time. As the business evolves, the models and contexts defined in DDD can be adapted and expanded to meet new requirements and challenges. This enables companies to remain agile and responsive, even in a dynamic and changing market.</p>
<p>DDD is more than just a technical approach. It is a mindset that brings business-oriented and technical teams together to create software that truly meets the unique needs of the business. By focusing on the core business domain and fostering collaboration, DDD helps companies build software that is flexible, adaptable, and targeted. For business leaders, understanding and embracing Domain-Driven Design can lead to more efficient software solutions that deliver real business value.</p>
<p>Next time you face a complex business problem, consider whether DDD could be the right approach for your organization. Or give us a call. We’re happy to help turn your business ambitions into concrete digital solutions.</p>
</div>
<div>
<div>
<div class="contact-card">
<div class="profile-image">
<p><img fetchpriority="high" decoding="async" src="https://mjolner.dk/wp-content/uploads/2024/11/MJO-1-300x300.jpg" alt="Morten Jokumsen" width="300" height="300" class="alignnone wp-image-17061 size-medium" srcset="https://mjolner.dk/wp-content/uploads/2024/11/MJO-1-300x300.jpg 300w, https://mjolner.dk/wp-content/uploads/2024/11/MJO-1-150x150.jpg 150w, https://mjolner.dk/wp-content/uploads/2024/11/MJO-1.jpg 648w" sizes="(max-width: 300px) 100vw, 300px" /></p>
</div>
<div class="contact-info">
<p class="contact-name-card">Morten Jokumsen</p>
<p class="title"><span>Senior Solution Architect</span></p>
<div class="contact-details">
<div class="phone"><img decoding="async" src="https://mjolner.dk/wp-content/uploads/2024/10/phone-icon-blue-1.png" alt="Phone Icon" /> <a href="tel:+45 41 95 36 45">+45 41 95 36 45</a></div>
<div class="email"><img decoding="async" src="https://mjolner.dk/wp-content/uploads/2017/11/mail48_blue-1.svg" alt="Email Icon" /> <a href="mailto:mjo@mjolner.dk">mjo@mjolner.dk</a></div>
</div>
</div>
</div>
</div>
</div>
<p><span id="more-18264"></span><br />
<!-- {"type":"layout","children":[{"type":"section","props":{"image_position":"center-center","style":"default","title_breakpoint":"xl","title_position":"top-left","title_rotation":"left","vertical_align":"","width":"default"},"children":[{"type":"row","children":[{"type":"column","props":{"image_position":"center-center","position_sticky_breakpoint":"m"},"children":[{"type":"headline","props":{"content":"<span data-contrast=\"none\" xml:lang=\"DA-DK\" lang=\"DA-DK\" class=\"TextRun SCXW12366669 BCX8\"><span class=\"NormalTextRun SCXW12366669 BCX8\" data-ccp-parastyle=\"heading 1\">What is Domain Driven Design \u2013 And what does it mean for my business?<\/span><\/span>","title_element":"h1"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p><strong>With Domain-Driven Design (DDD), you place the focus of software development on the \"domain,\" meaning the specific business context in which the software operates. This can give you and your business an advantage in a complex market. But what exactly is Domain-Driven Design, and how do you use this approach? Let\u2019s take a closer look.<\/strong><\/p>\n

<p>Domain-Driven Design, or DDD, is an <a href=\"https:\/\/www.youtube.com\/watch?v=pMuiVlnGqjk\">approach to designing and developing software<\/a> that is deeply rooted in the company\u2019s core area. At its core, DDD emphasizes collaboration between technical and business experts to create a shared understanding of the business domain and model software that accurately reflects it.<\/p>","margin":"default"}},{"type":"quotation","props":{"author":"Alberto Brandolini, Strategic IT consultant and inventor of EventStorming.","content":"

<p>\"It is the developer's, not the business's, understanding of the problem that ends up as software. The most important task in <a href=\"https:\/\/ddd.academy\/alberto-brandolini\/\">Domain-Driven Design<\/a> is therefore to make the implicit explicit.\"<\/p>"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>DDD is about building software that truly understands and solves the specific problems within a business. It involves breaking down complex business processes into manageable parts and creating software that mirrors these processes. By focusing on the company's core areas, DDD ensures that the software is tailored to meet the unique needs and challenges the business faces.<\/p>\n

<p>Software that is precisely aligned with the business\u2019s needs provides the company with much better opportunities to adapt and innovate - thus distinguishing itself from competitors. In short, DDD provides a business advantage in the market.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><\/h2>\n

<h2 data-start=\"0\" data-end=\"80\">The Competitive Advantages of DDD: Customization, Flexibility, and Precision<\/h2>\n

<p data-start=\"82\" data-end=\"413\">By deeply understanding and modeling the business domain, companies can use Domain-Driven Design to respond to market changes more quickly. This agility can lead to faster time-to-market for new products and services, providing businesses with a significant advantage over competitors relying on more rigid off-the-shelf solutions.<\/p>\n

<p data-start=\"415\" data-end=\"532\" data-is-last-node=\"\" data-is-only-node=\"\">Domain-Driven Design offers several benefits, making it a great choice for businesses with unique or complex needs:<\/p>","margin":"default"}},{"type":"description_list","props":{"column_breakpoint":"m","layout":"grid-2","list_element":"ul","meta_align":"below-content","meta_style":"text-meta","show_content":true,"show_link":true,"show_meta":true,"show_title":true,"title_element":"div","title_grid_column_gap":"small","title_grid_row_gap":"small","title_grid_width":"auto"},"children":[{"type":"description_list_item","props":{"content":"

<p>The software development process is closely aligned with business goals. By involving business experts in the design process, DDD helps create software that truly reflects the business domain.<\/p>","title":"\ud83e\udd13"}},{"type":"description_list_item","props":{"content":"

<p>DDD establishes a common language between technical and business-oriented teams. As a result, DDD also helps improve communication and ensures that everyone is on the same page and working towards common goals.<\/p>","title":"\ud83e\udd1d"}},{"type":"description_list_item","props":{"content":"

<p>By using the DDD approach to create modular and flexible software systems, it becomes easier to adapt to changes in the overall system landscape and scale the system as needed.<\/p>","title":"\ud83d\udcc8"}}]},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>In a world where companies are constantly striving to differentiate themselves, having software that is perfectly tailored to your business processes can be a game-changer. This allows you to achieve a level of precision and efficiency that standard solutions cannot match.<\/p>\n

<p>The close collaboration between business and technical teams also leads to better decision-making and more effective problem-solving. This collaborative approach ensures that the software not only meets the current business needs but is also able to evolve as the company grows and changes. In other words, there is a shorter path from business idea to digital action.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><\/h2>\n

<h2><strong>Why standard solutions aren't always enough<\/strong><\/h2>\n

<p>The focus of the DDD approach on customization might sound expensive and cumbersome. Why not just use a standard system? Standard solutions like Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) are designed to meet common business needs. While they can be highly effective for many organizations, they often fall short when it comes to handling unique or complex business requirements.<\/p>\n

<p>As a business, some of the disadvantages of standard solutions can be:<\/p>","margin":"default"}},{"type":"description_list","props":{"column_breakpoint":"m","layout":"grid-2","list_element":"ul","meta_align":"below-content","meta_style":"text-meta","show_content":true,"show_link":true,"show_meta":true,"show_title":true,"title_element":"div","title_grid_column_gap":"small","title_grid_row_gap":"small","title_grid_width":"auto"},"children":[{"type":"description_list_item","props":{"content":"

<p>Limited opportunities for innovation. As a company evolves, you may find that standard solutions are not flexible enough to adapt to new requirements or changes in the company\u2019s business model.<\/p>","title":"\ud83e\udd71"}},{"type":"description_list_item","props":{"content":"

<p>Difficult to stand out. If the core business is tied to a standard system, it becomes challenging to differentiate in the market. Other companies can easily replicate the business model, creating a tough competitive situation.<\/p>","title":"\ud83d\udd01"}},{"type":"description_list_item","props":{"content":"

<p>Inefficiency or the need for expensive customizations. Standard solutions are built for a wide range of\u00a0 businesses and may not fit your specific business processes.<\/p>","title":"\u23f3"}},{"type":"description_list_item","props":{"content":"

<p>Counterproductive complexity and unnecessary costs. Standard systems may include features that the company may never use, yet still pay for and maintain.<\/p>","title":"\ud83d\udcb8"}}]},{"type":"text","props":{"column_breakpoint":"m","content":"

<p>At Mj\u00f8lner, we have often encountered standard systems that, over the years, have been attempted to be adapted to handle processes they were never designed for. This can mean that the company becomes increasingly dependent on the system, and it may even result in the business and organization having to adapt to the system, rather than the other way around.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><\/h2>\n

<h2>Improvement of Quality and Maintenance with Domain-Driven Design<\/h2>\n

<p>Another important aspect of DDD is its positive impact on the quality and maintenance of software systems. By creating a clear and precise model of the business domain, DDD helps ensure that the software is built correctly from the start. Additionally, the modular nature of DDD makes it easier to maintain and update the software over time. As the system is divided into well-defined bounded contexts, changes can be made in one part of the system without affecting others.<\/p>\n

<p>DDD also promotes the use of best practices like Test-Driven Development (TDD) and Behavior-Driven Development (BDD), which further enhance the quality and reliability of the software. By thoroughly testing the software and ensuring it behaves as expected, the risk of errors is reduced, improving overall quality.<\/p>\n

<p>When it comes to long-term maintenance, DDD is an invaluable approach. By having a clear and well-defined model of the business domain, development teams can more easily understand and navigate the code - even when new developers join. This enables teams to make changes and additions without worrying about unintended consequences in other parts of the system. The clear structure and division into bounded contexts mean that each part of the system can be developed and maintained independently. This reduces complexity and enhances the system's robustness.<\/p>","margin":"default"}},{"type":"text","props":{"column_breakpoint":"m","content":"

<h2><\/h2>\n

<h2><strong>Summary: Build Long-Lasting Software with DDD<\/strong><\/h2>\n

<p>Domain-Driven Design ensures that software remains relevant and effective over time. As the business evolves, the models and contexts defined in DDD can be adapted and expanded to meet new requirements and challenges. This enables companies to remain agile and responsive, even in a dynamic and changing market.<\/p>\n

<p>DDD is more than just a technical approach. It is a mindset that brings business-oriented and technical teams together to create software that truly meets the unique needs of the business. By focusing on the core business domain and fostering collaboration, DDD helps companies build software that is flexible, adaptable, and targeted. For business leaders, understanding and embracing Domain-Driven Design can lead to more efficient software solutions that deliver real business value.<\/p>\n

<p>Next time you face a complex business problem, consider whether DDD could be the right approach for your organization. Or give us a call. We\u2019re happy to help turn your business ambitions into concrete digital solutions.<\/p>","margin":"default"}},{"type":"panel","props":{"content":"

<div class=\"contact-card\">\n

<div class=\"profile-image\">\n

<p><img src=\"https:\/\/mjolner.dk\/wp-content\/uploads\/2024\/11\/MJO-1-300x300.jpg\" alt=\"Morten Jokumsen\" width=\"300\" height=\"300\" class=\"alignnone wp-image-17061 size-medium\" \/><\/p>\n<\/div>\n

<div class=\"contact-info\">\n

<p class=\"contact-name-card\">Morten Jokumsen<\/p>\n

<p class=\"title\"><span>Senior Solution Architect<\/span><\/p>\n

<div class=\"contact-details\">\n

<div class=\"phone\"><img src=\"https:\/\/mjolner.dk\/wp-content\/uploads\/2024\/10\/phone-icon-blue-1.png\" alt=\"Phone Icon\" \/> <a href=\"tel:+45 41 95 36 45\">+45 41 95 36 45<\/a><\/div>\n

<div class=\"email\"><img src=\"https:\/\/mjolner.dk\/wp-content\/uploads\/2017\/11\/mail48_blue-1.svg\" alt=\"Email Icon\" \/> <a href=\"mailto:mjo@mjolner.dk\">mjo@mjolner.dk<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>","content_column_breakpoint":"m","css":".contact-card {\n    display: flex;\n    align-items: top;\n    width: 100%;\n    justify-content: center;\n}\n\n.contact-name-card{\n\tmargin:0px !important;\n}\n\n.profile-image img {\n    width: 180px;\n    height: 180px;\n    border-radius: 50%;\n    object-fit: cover;\n    margin-right: 20px;\n}\n\n.contact-info{\n    font-size: 1.5rem;\n    padding-left: 1rem;\n    padding-top: 1rem;\n}\n\n.contact-info .title {\n    font-size: 18px;\n    color: gray;\n    margin:5px 0px 10px 0px;\n}\n\n.contact-details {\n    display: flex;\n    flex-direction: column;\n}\n\n.phone, .email {\n    display: flex;\n    align-items: center;\n    margin-bottom: 8px;\n    \n}\n\n.phone img, .email img {\n    width: 16px;\n    height: 16px;\n    margin-right: 10px;\n}\n\n.contact-card img {\n   \n}\n\n\n\n.phone a, .email a {\n    font-size: 16px;\n\n    color:grey;\n}","icon_width":80,"image":"","image_align":"top","image_alt":"Senior Manager Quality Assurance","image_grid_breakpoint":"m","image_grid_width":"1-2","image_svg_color":"emphasis","image_width":200,"link_style":"default","link_text":"Business units","margin":"default","meta":"","meta_align":"below-title","meta_element":"div","meta_style":"text-meta","panel_padding":"default","panel_style":"card-hover","title":"","title_align":"top","title_element":"h3","title_grid_breakpoint":"m","title_grid_width":"1-2","title_hover_style":"reset","title_style":"h2"},"name":"Contact Card v3 - 11-2024"}]}]}]}],"version":"4.4.2","yooessentialsVersion":"2.2.14"} --></p>
<p>Indlægget <a href="https://mjolner.dk/en/blog/project-management-en/what-is-domain-driven-design/">What is Domain Driven Design?</a> blev først udgivet på <a href="https://mjolner.dk/en/">Mjølner</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>

<!--
Object Caching 44/559 objects using Disk
Page Caching using Disk: Enhanced 
Lazy Loading (feed)

Served from: mjolner.dk @ 2026-07-11 00:43:23 by W3 Total Cache
-->