Protecting our customers by securing the backbone of connectivity
In a digital-first world, trust begins with security. At Vodafone, we’re taking proactive steps to build that trust by prioritising people, strengthening our infrastructure, working to prevent fraud, and encouraging a vigilant culture, while recognising that the landscape is always evolving.
Today, we’re speaking with Norman Heit, Vodafone’s Corporate Security and Resilience Director, whose leadership is driving a security-by-design mindset across the organisation.
With a career spanning global security leadership at Boehringer Ingelheim and Bayer AG, service as a NATO liaison in Afghanistan, and academic contributions as a lecturer in Security Management, Norman brings deep expertise and a strategic perspective to the role.
By working closely with governments and embedding resilience into every layer of the business, Norman is helping Vodafone keep communities connected, safely and confidently, as threats continue to evolve.
Welcome Norman - it’s so great to be chatting with you. To start things off, what does protecting our customers mean to you?
To me, protecting our customers means putting their safety first and providing them with peace of mind by safeguarding the infrastructure and environments that underpin our services. It’s about maintaining resilient operations, securing our sites, and preparing for disruption.
Our ambition is that customers can rely on us, even in the most challenging circumstances. We achieve this through continually evolving security standards, striving for operational excellence, and fostering a culture of vigilance and innovation across our teams.
Ultimately, protecting our customers is about trust: making sure that every call, message and connection is supported by a secure foundation, so people, businesses and communities can stay connected with confidence.
Vodafone’s network plays a critical part in everyday life. How does your team ensure the physical infrastructure behind it stays secure, and what does that mean for customers using our services?
Our physical estate, which includes data centres, network exchanges, switching sites, field locations, and much more, underpins the connectivity for our customers.
We apply global physical security standards across all sites, using various strategies to effectively protect them while considering their individual environments and challenges. We constantly monitor our critical environments, and our controls include a wide range of protection measures such as threat intelligence, mitigation, and response.
Regular security reviews, assurance activities, and site-specific assessments drive continuous improvement, while our policies cover key topics such as visitor management and CCTV retention in line with applicable law. We integrate physical, personnel, travel, and event security so our people can work safely in all conditions.
For our customers, this means confidence that behind the scenes, we’re proactively strengthening the physical backbone of our network with robust safeguards, minimising the risk of disruption and ensuring services stay available when they’re needed most.
Our goal is simple: to protect the infrastructure that helps keep people, businesses, and communities connected.
How do you prepare Vodafone to keep everyone connected during unexpected events?
Ensuring people stay connected begins well before any unexpected event occurs, whether that’s a natural disaster or damage to network assets or data centres. We operate a comprehensive Business Continuity Management System designed to pinpoint our most critical activities, set clear recovery objectives, and maintain detailed response plans. This means our teams are always prepared and know exactly how to react when operations come under pressure.
Our global policy and detailed requirements establish a consistent baseline across Vodafone, aligned with ISO 22301 principles (a globally recognised framework for Business Continuity Management Systems), and suppliers are held to equivalent standards through our contracts.
Preparedness is strengthened through regular exercises that range from various trainings to interactive simulations. This ensures that decision-makers can practice in realistic conditions and improve with each cycle.
When disruption does happen, our crisis framework brings together all relevant business units, plus additional workstreams to prioritise customers, set goals, coordinate recovery, and communicate transparently.
The result is resilience by design: We aim to reduce the impact of shocks, restore services as quickly as possible, maintain trust during critical moments, and constantly improve.
Fraud is constantly evolving. What are the biggest threats today, and how is Vodafone staying ahead to protect customers and their data?
Fraud is evolving faster than ever, driven by rapid technological advances and increasingly sophisticated fraud tactics. Identity theft, account takeover, robocalls, and AI-powered scams that convincingly mimic legitimate communications are among today’s most serious threats. As digital channels expand, so does the attack surface - making proactive, adaptive defenses essential.
Protecting customers is our top priority. Through advanced analytics, machine learning, and continuous monitoring, we aim to detect and prevent suspicious activity before it causes harm. We also use cutting-edge technologies and work closely with industry partners, regulators, and law enforcement to share intelligence and disrupt criminal networks at scale.
Fraud prevention is embedded across our operations, and we support our products and services by implementing robust controls that protect customers throughout their journey.
How do you build a culture of security across Vodafone, and how does that translate into a safer experience for customers?
Above all, security is about people and the choices they make every day. At Vodafone, we build a culture of security by making it simple, relatable, and engaging. Our global awareness programmes are designed with a character-driven approach, using storytelling and humour to bring security to life.
These aren’t just campaigns; they’re scenarios that stick. We also believe that learning secure behaviours at work naturally extends into personal life, making the impact far-reaching with broader benefits.
We foster psychological safety, so employees feel confident speaking up, reporting concerns, and challenging suspicious behaviour. Our leaders play a key role in this, championing security as a shared responsibility across every level, from the boardroom to frontline teams.
When our teams are security-aware and engaged, they’re better equipped to identify risks, respond effectively, and help protect customer data. For our customers, this translates into a better experience and greater trust.
How is Vodafone responding to increased focus from European Governments on networksecurity and critical national infrastructure?
Across our teams, we’re responding to heightened European government focus on network security and resilience by actively cooperating with government stakeholders on the threat environment and heavily investing in secure, resilient networks and telecommunications infrastructure.
As geopolitical threats evolve and emerge with greater frequency, operators of critical connectivity infrastructure are on the frontlines of defending European societies, citizens, and critical sectors. Vodafone’s infrastructure spans over one million kilometres of subsea cables and emerging satellite capabilities, and we recognise our responsibility to help protect and defend against a proliferation of threats.
We’re actively engaging with European policymakers, enabling a dialogue to jointly build a regulatory and policy landscape that balances innovation with security and enables pan-European solutions to today’s challenges. This includes providing policy contributions to the revision of the Cyber Security Act, the Digital Omnibus focusing on simplification, the Cyber Resilience Act, and coordinated risk assessments, working alongside industry partners across the technology and telecommunications sectors.
Our strategy is clear: security is not just a compliance obligation; it is a foundational priority across our operations, products, and solutions. My team are embedding resilience into our networks, prioritising security-by-design technology, and collaborating with governments on shared priorities, we’re contributing to securing Europe’s digital future.
Securing the future
As digital threats grow more complex and physical security risks can’t be forgotten, our commitment to security remains steadfast, driven by Norman Heit’s leadership and a clear vision: resilience by design, vigilance in practice, and trust at the core.
From safeguarding physical infrastructure to preventing fraud and fostering a culture of awareness, our guardians of connectivity are building a secure foundation for the future of connectivity.
Because when security is built in, not bolted on, customers, communities, and businesses can stay confidently connected, no matter what challenges lie ahead.
Want to know more?
Find out how we’re protecting customers from the frontline here.
Find out how we’re protecting customers from cyber threats across Europe and Africa here.
Learn more about how we’re protecting our network and why it matters here.
Learn how we prioritise cyber and information security in our Cyber Security Factsheet .