How Protinus helps Sweden’s energy sector tackle NIS2

Freelance CISO Anders Åhlgren uses Cyberday to guide over 10 energy companies through complex compliance journeys with minimal overhead and maximum clarity.

Industry: Consultant
Company: Protinus

Anders Åhlgren isn’t your typical consultant. With decades of experience in information security management, a role advising the European Commission on the Network Code on Cybersecurity for the European Electrical Energy Sector in parallel with the NIS2 directive, and membership of the EU Commission Smart Grid Task Force, he brings both policy expertise and hands-on pragmatism to every engagement.

Today, through his consultancy Protinus, he serves as a fractional Chief Information Security Officer (CISO) for 12 energy companies in Sweden. Most of these companies are small, often fewer than 40 employees, but they face the same compliance burdens as much larger enterprises.

To meet those demands without inflating costs or complexity, Anders relies on Cyberday.

“Cyberday is a part of my offer. I tell clients: yes, you can do this without it, but it’s going to be a lot of work.”

Low awareness, high stakes

When Anders begins work with a new client, he may find a familiar set of challenges: low cybersecurity maturity, limited in-house expertise, and leadership teams that underestimate the importance and scope of what’s required.

“The knowledge level can be low,” he says. “Leadership may not be very interested. And there are no rules in place. Few policies, and a lack of ownership.”

Still, regulatory pressure is mounting. While Sweden has yet to publish its national version of the NIS2 directive, the EU-level obligations are already on Anders’ and his clients’ radar.

Unfortunately, without a clear framework or workflow, many companies struggle to even start. “One customer tried without me, and it ended up without any progress,” Anders recalls.

Cyberday as Protinus’ backbone

Cyberday became part of Anders’ consulting toolkit almost by accident. One of his first freelance clients had already implemented it, and he was expected to make it work.

“It was a horrible time at first,” he laughs. “But then I started to love it. I realized it could solve a lot of problems for the energy sector.”

Today, Cyberday is embedded in his consulting practice. Every Protinus client engagement begins the same way: get familiar with the tool, activate the NIS2 framework, and gradually build out the information security management system (ISMS).

Anders works with clients remotely, usually meeting online once a week for a few hours. In between, he remains available via email and can directly support their Cyberday environments.

How It Works: Anders’ NIS2 maturity model

Anders follows a step-by-step maturity model to help organizations gradually establish a working ISMS aligned with NIS2. The process spans five stages, from initial setup to full optimization. Here's how he guides his clients through it using Cyberday:

1. Initial

“Set up Cyberday in Teams.”
Clients begin by getting access to Cyberday and starting to explore it inside their Microsoft Teams environment. This helps them become familiar with the tool in their daily workflow.

2. Managed

“Work through the 104 tasks for NIS2.”
The next step is activating the NIS2 framework in Cyberday. Clients begin completing the 104 related tasks, which introduce them to the scope of compliance requirements and help build momentum.

3. Defined

“Assign theme owners and perform an internal audit.”
As they progress, Anders encourages clients to delegate responsibility by assigning theme owners for HR, suppliers, plans, etc. This distributes the work and builds shared accountability. At this stage, they also conduct a basic internal audit.

4. Quantitatively Managed

“Address audit findings and launch the staff guidebook.”
Here, the team begins to close identified gaps. They address any nonconformities from the audit and create a guidebook in Cyberday to support ongoing training for staff.

5. Optimizing

“ISMS is now established.”
At this final stage, the ISMS is operational and embedded in day-to-day work. Organizations are managing:

Building an ISMS for NIS2

How to utilize Cyberday

Risk-based compliance management

Your security team can automate risk assessments, linking mitigation actions directly to compliance requirements.

Seamless policy & documentation handling

Instead of juggling multiple spreadsheets and documents, our platform allows you to manage all policies, controls, and audit evidence in one place.

Automated reporting

Generating reports for audits and regulatory bodies is now quick and automated, reducing administrative overhead.

Successful rollouts across the sector

Anders has introduced Cyberday to over 300 professionals across the energy sector through Protinus client engagements, lectures, and even demonstrations for the European network of colleagues.

His clients are making real progress, even in the absence of Swedish NIS2 legislation. One standout case in Sweden decided to go all-in on Cyberday:

"They used every feature, every policy, every report that supported the requirements of the NIS2 directive. And I must say we hit the goal much easier."

This level of commitment isn’t universal, but Anders’ structured, weekly support helps each organization to get off to the right start and build real progress over time.

He also points to Cyberday’s flexibility as a major advantage for clients with international demands. Once NIS2 is implemented, it's easy to build on that work by enabling other frameworks like ISO/IEC 27001, NIST, and GDPR. The tasks completed for NIS2 will carry over and provide a solid foundation.

“One of my customers has global clients, so some want ISO 27001 reports, others ask about NIS2. Cyberday makes it easy to toggle between frameworks and see the progress.”

Just do it

Through his consultancy Protinus, Anders Åhlgren has helped energy companies turn complex compliance into manageable weekly routines.

His secret?

Deep experience, a pragmatic approach, and a platform that does the heavy lifting.

Now expanding into the automotive sector and frameworks like TISAX, Anders leaves the interview with a final piece of advice:

“Big companies tell you to start with a €10,000 gap analysis. I say: skip it. Just go into Cyberday and start solving tasks. Just do it.”

Whether you're a small or a large organization staring down new regulatory challenges, just do it. With the right guidance and the right tool, it's absolutely doable.

Start your own journey with a free trial of Cyberday today.