Hegnes
CV

CV


CV: Bjørn Martin Hegnes

Personal Qualities and Interests

I am an adaptable individual, eager to learn and capable of excelling in both independent and collaborative work scenarios. I adopt a responsible, structured, and quality-conscious approach in all my undertakings. Outside of work, I take interest in fitness, gaming, investing, rock climbing, and experimenting with new technology.

Experience

archiveME / CEO & Founder
March 2023 – Present, Oslo
Responsible for the overall vision, strategy, and execution of the company’s mission, including the technical AI/ML components.

Avanade / Cyber Defense Analyst
April 2023 – Present, Oslo
Technologies used: Microsoft Azure, Microsoft 365, KQL (Kusto Query Language), PowerShell, Microsoft Defender Suite (including Microsoft Defender for Cloud, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office 365), Azure Sentinel.

Avanade / Infrastructure Analyst
August 2022 – April 2023, Oslo
Technologies used: PowerShell, SQL Server, Octopus, Azure DevOps, Git, Build and Release management, Visual Studio.

Color Line / Catering Assistant
June 2016 – July 2020, Oslo
Hygienist in the kitchen and smoke diver onboard a cruise ship. Shift work with two weeks on and two weeks off.

PSS Securitas / Security
March 2014 – June 2016, Bergen

Astrup Bergen As / Logistics Employee
February 2014 – November 2014, Bergen
Worked with packing and shipping of plastic and metal pipes to the oil industry using a truck and traverse crane.

Education

Noroff / Network and IT Security
August 2020 – June 2022, Oslo

Sonans / Online Studies
October 2019 – May 2020, Oslo

Bergen Katedralskole / Retake Subjects
July 2015 – May 2016, Bergen

Øyrane videregående skole / Construction Subjects
July 2004 – June 2005, Førde

Flora videregående skole / Electrical Engineering
July 2002 – June 2003, Florø

Certifications

Cyber Security Academy
April 2023

SC-900: Microsoft Security, Compliance, and Identity Fundamentals
February 2023

AZ-900: Microsoft Azure Fundamentals, Microsoft
September 2022

Publications

Operation Bloodhound – Cracking WiFi Passwords
September 2022

Location Tracking of WIFI Access Point and Bluetooth Devices
September 2021

Presentations

BSides Oslo 2022Location Tracking of Bluetooth Devices
May 2022, Oslo

Languages

English: Intermediate level
Norwegian: Native proficiency

Knowledge [2023]

Formal Education:

Network and IT-Security, Noroff

(August 2020 – June 2022, Oslo)

First-year of Network and IT-Security:

Problem-Based Learning: is an introduction on how to proceed in actively contributing to
driving a project forward – from pre-planning to implementation and documentation, through
to reports and presentations.

Operating and File Systems:, this Course will dive into how an operating system works.

  • Get knowledge of the functionality and structure of a computer system.
  • Get knowledge about the role and functionality of an operating system.
  • Get knowledge about the interaction between key components in a computer.
  • Get knowledge about key features of the different file system
  • Install both Windows-based and Unix-based operating systems.
  • Learn to navigate operating systems

Microsoft Server Technologies: this course will give the knowledge about the installation of a Windows-based server. Overview of the Active Directory and how to administer a network through Active Directory. Permissions and rights on a Windows-based system, in addition to configuring different services such as HTTP, FTP, DHCP, DNS, DFS, auditing, and backup.

Unix Based Technologies: this course is going through how to set up and manage various
services on Linux-based systems. Covering topics like the command line, web servers, DNS, FTP, and backups amongst many others. By the end of this course, I did have a firm footing in the Linux terminal and be able to install and manage various processes and services.

Network Infrastructure: in this course I did learn about network and networking devices
and their capabilities and functionality. Mostly Cisco equipment and network planning with
packet tracer.

  • Introduction to Network Infrastructure, Layered models, Ethernet, IPv4
  • Transport and Application layer, LAN, VLAN, Ethernet, Switch Configuration
  • IPv4 Addressing, Default mask, Subnet, Subnet mask, Understanding IPv4
  • Router, Routing protocols, Subnet design, VLSM, DHCP.
  • NAT, ACL, Introduction to IPv6
  • IPv6 addressing, IPv6 routing

Introduction to Information Security: this course did give the basic knowledge needed to
know about important elements in ICT security. During this course, we did discuss different
security models, cryptography, authentication, physical security, malware, firewall
technologies, and incident management.

Study Project 1: is the last course for the first year, and It is up to the student to define the assignment that will be an 8-week project that will incorporate most of the knowledge learned in the previous courses.

In this project, I go through the vulnerabilities of WIFI and Bluetooth in terms of privacy i.e. location tracking from 3rd parties without the user’s knowledge. With the ever-increasing use of WIFI and Bluetooth devices in the daily life of the average citizen, many will own at least one device, if not several, which can be used as tracking devices.

I wanted to show that these technologies are vulnerable to tracking/surveillance without the individual’s notice and online connection.

This study project did win the Diamond Award for best project.
Has been featured in NRK.no, CodaStory.com, and other media publications.

Second-year of Network and IT-Security:

Security and Law: In this course, I did get an overview of IT laws, Intellectual Property, Trademarks, and Patents overview of national laws, regulations, and guidelines from authorities and organizations. In addition, I did get familiarized with different guidelines and regulations valid for both the public and private sectors.

  • Overview of IT laws, Data protection, IP and Patents
  • Ethics, Professionalism, and Workplace
  • Cyber Warfare and Security Policies

Network Security: Security is important in all aspects of Information Technology (IT). Protecting IT infrastructure is essential in ensuring that information is secured during processing transmission and storage.

I did learn about devices, tools, and techniques that operate in the cloud/vitalization security layer, physical security layer, perimeter security layer, network security layer, endpoint security layer, application security layer, and data security layer.

  • General information security concepts, information security controls/ countermeasures, the Cyber Kill Chain, layered security/defense-in-depth (DiD) model.
  • Cloud/Virtualization Security Layer, Physical Security Layer, Perimeter Security Layer,  Network Security Layer.
  • Network Security Layer, Endpoint Security Layer, Application Security Layer, Data Security Layers, Security Monitoring/Response, and Security Management.

Preventive Security (RAS): This course did give me the knowledge to conduct risk and vulnerability analyses and focus on the documentation and use of such analyses. Also, I did learn how to effectively evaluate an organization’s cybersecurity posture and implement the appropriate preventive measures.

This course is theory-heavy. Nonetheless, it is an exciting and rewarding field of study. Where possible, I did intentionally use case studies describing real-world scenarios where I learned to apply the aspects of risk to various situations.

  • General Introduction to Risk & Risk management, Risk Management Process, Introduction to Cyber Risk, Real World Cases, Cyber Risk Management
  • Cyber Risk Assessment: Context Establishment, Risk Identification, Risk Analysis
  • Cyber Risk Assessment: Risk evaluation, Cyber Risk Treatment & Risk Acceptance,      Control Implementation, Results Documentation & Guest Lecture

Hacking Tools, Incidents, and Response: This course did give me an overview of known security tools and their functionality. After this course,I will have a basic understanding of the techniques used in networks to gather information and acquire unauthorized access to different systems among other things.

Gaining unauthorized access by hacking systems, cracking, and wireless hacking by using the Cyber Kill Chain framework with known tools such as Kali Linux, Burp Suite, and Metasploit Framework.

  • Intro and Recon
  • Enumeration
  • Exploitation
  • Incident Response

Programming – Python: Developed proficiency in Python programming, including installation, debugging, operations, data containers, functions, modules, strings, files, objects, requests, interfaces, OS integration, sockets, network management, threading, documentation, version control, and software development life cycle.

Databases: Mastered MySQL fundamentals and applied advanced database concepts and SQL skills in student projects, including managing a database with 12,000,000 Wi-Fi Access Point data points, passwords, and vendor information. This expertise was crucial for conducting cybersecurity analytics in both projects.

Computer Forensics: This module is going to give the students an introduction to investigations performed on IT systems, handling evidence and the demands for documentation in order to build a case for either the management in an organization or the prosecution.

Study Project 2: the final course, required students to define an 8-week project incorporating knowledge from previous courses. This project investigated the vulnerabilities of Wi-Fi Access Points concerning password acquisition and cracking. As Wi-Fi devices become increasingly prevalent in daily life, the study aimed to demonstrate that Wi-Fi technology is susceptible to various attacks, enabling unauthorized network access without the user’s knowledge. 

The project revealed the possibility of cracking a single Wi-Fi Access Point password and demonstrated “mass cracking” in a large city, such as Oslo. The findings were featured in NRK.no and other media publications.

Informal Competence

  • File-Sharing Site Management: I took on the managerial responsibility of setting up and operating a large file-sharing site that boasted over 22,000 active users.
  • Establishing an AI Company: In my spare time, I am actively engaged in establishing an AI company, which has been instrumental in furthering my learning and personal development.

Soft Skills and Processes

  • Customer insights and reporting
  • GAP analysis
  • Incident and error handling
  • Solution design and modeling
  • Complex problem solving
  • User support
  • Stakeholder management
  • Knowledge sharing and tutoring
  • Individual drive and motivation
  • Ability to follow through on initiatives
  • Adaptable and flexible
  • Leadership and strategy
  • Staying up-to-date with the latest technology