News & Insights

“AI allows us to upskill our entire team”

By implementing AI and automation tools in the right way, a significant opportunity arises to drive career growth in security teams, according to Ian Stacey, Group Head of Information Security at Novuna and Callum Taylor, Cybersecurity Product Owner at Novuna.

“Threat actors are increasingly targeting OT organizations,” report

OT organizations are making progress in hardening their security, but their cyber teams still face significant challenges in securing converged IT/OT environments. Adopting essential tools and capabilities to enhance visibility and protections across the entire network will be vital for these organizations when it comes to reducing the mean time to detection and response.

The three-point action plan for new CISOs

Unlock the essential strategies for new CISOs to enhance asset visibility, manage vulnerabilities, and ensure regulatory compliance with Hadrian’s comprehensive “Three-Point Action Plan” eBook.

Quishing: an evolving threat

The ongoing changes in QR code phishing, or quishing, show us that it is important to be observant and to not heavily rely on our email security systems.

What’s the cost of downtime?

What happens when a large organization faces DDoS attacks, software failures, or even a company-wide hack? While the direct costs of unplanned downtime are easily visible, organizations should not underestimate the indirect, or hidden costs of digital failures.

CISODAY in the rear view

In a packed Green Village, about 200 security experts got together to celebrate the very first CISODAY.

Jeroen Schipper is CISO of the Year 2024

Jeroen Schipper, CISO at the Municipality of The Hague, won the CISO of the Year 2024 Award last night. He owes the award to his transformational role and his holistic and inclusive approach to cybersecurity. His contributions to the professionalization of the CISO profession and his role as an active representative of the city of The Hague in cybersecurity matters were also taken into consideration.

CISO of the Year Award special with Floor van Eijk

In this last episode, we talk to Floor van Eijk, CISO at NN Group, and nominated for the CISO of the Year Award 2024. Other guests are jury member Job Voorhoeve (Amrop) and CISODAY partners Boudewijn van Lith (Proofpoint) and Thijs Timmerman (KPMG).

CISO of the Year Award special with Jan Joost Bierhoff

In this episode, we talk to Jan Joost Bierhoff, Global CISO at Heineken, and nominated for the CISO of the Year Award 2024. Other guests are jury member Madelein van der Hout (Forrester) and CISODAY partners Marijn van Overveld (Noesis) and Daan Hakkert (IBM).

CISO of the Year Award special with Jeroen Schipper

In this episode, we talk to Jeroen Schipper, CISO at Gemeente Den Haag, and nominated for the CISO of the Year Award 2024. Other guests are jury member Madelein van der Hout (Forrester) and CISODAY partners Vincent van Kooten (Netskope) and Mark van Leeuwen (Okta).

CISO of the Year Award special with Lies de Wit

In this episode, we talk to Lies de Wit, CISO at Stater, and nominated for the CISO of the Year Award 2024. Other guests are jury member Job Voorhoeve (Amrop) and CISODAY partners Ivo van Bennekom (PwC) and Hans van den Boomen (CheckPoint).

CISO of the Year Award special with Pieter van Houten

In this first episode, we talk to Pieter van Houten, CISO at SHV, and nominated for the CISO of the Year Award 2024. Other guests are jury member Madelein van der Hout (Forrester) and CISODAY partners Mike Remmerswaal (Netskope) and Mark van Leeuwen (Okta). The host is Rob Beijleveld.

“The CISO is no longer just a necessary evil”

Last month, during Amrop’s Global Digital Practice Quarterly Online Event "The evolution of the CISO role: CISO as a business enabler" we heard from and spoke to Harvey Ewing, CISO turned CIO, who is now again a CISO at Radial Inc., and to Dimitri van Zantvliet, CIO...

“Become the enabler, not the blocker”

A great CISO is one who can embrace innovation and new business goals, but at the same time, knows how to create awareness about security risks, says Luisella ten Pierik, CISO of regional grid operator for electricity and gas Stedin and manager of their CIO Office.

Zero Trust: how do I make it concrete?

Every year, numerous research and consultancy firms come up with all kinds of overviews of strategic trends in IT and cybersecurity. Invariably, Zero Trust is part of these lists, with definitions along the lines of “don’t just trust anything, but verify”. But how exactly should you go about this as a CIO, CISO, or IT manager?

Are you ready for NIS2?

Although the Dutch legislation for NIS2 is running behind, the Dutch business sector should start getting their things in order, especially if they are dependent on international customers and suppliers.

CIOs and CISOs: managing tensions and working together effectively

CIOs and CISOs on the pros and cons they see in the CISO reporting to the CIO vs. working as peers, ways of effectively addressing the tension, and the governance standards needed for a cybersecurity framework to align with organizational goals and industry security requirements.

Eight cybersecurity predictions for this year (and beyond)

In March, Gartner revealed its cybersecurity predictions for 2024 and beyond. Its analysts believe generative AI (GenAI) adoption will close the cybersecurity skills gap and reduce employee-driven cybersecurity incidents. They also predict that two-thirds of global 100 organizations will extend directors and officers insurance to cybersecurity leaders due to personal legal exposure.

A cyber-samurai in the digital dojo…

In the serene yet potent ethos of ancient Japan, where the discipline of Budo, the martial way, was not merely about combat but a profound journey towards self-mastery, integrity, and the protection of one’s community, we find surprising parallels to the modern role of a CISO in the realm of critical infrastructure.

The Great Reset – Why we haven’t yet seen the end of the Big Tech layoffs

After seeing two years of post-pandemic economic downturn and massive layoffs in the tech sector, recovery seemed to be on the radar for 2024. However, jobs continue to be impacted. But in the cybersecurity industry, the shift to AI and low interest rates, which facilitate finding capital, have led to an increase in hiring.

Two thirds of employees gamble with security

Over two-thirds of Dutch employees knowingly put the organization at risk, leading to ransomware or malware infections, data breaches or financial loss. More than four in five of the organizations surveyed experienced at least one successful attack by 2023.

Government launches NIS2 Quick Scan

On February 29, the central government launched the NIS2 Quick Scan that allows organizations to prepare for the new European NIS2 directive. This directive is aimed at increasing the digital resilience of companies and organizations in the EU.

The AVG and IB

You frequently see the CISO/Privacy Officer roles combined. I did combine it myself for a while. Even though the two topics overlap, they are also very different. Because the interests (data subjects vs. organization) are apart and also the scope differs from each...

Hackers are friends, not food – how they can help you

Hackers are invaluable to your organization. They have the time and motivation to fiddle endlessly with a thread until an entire sweater is reduced to a pile of yarn. Whereas pen testers have limited time and are paid by the hour, reporters at a CVD often charge nothing at all. All they want is a T-shirt and an honorable mention. How do you get them to work for you?

CISO Platform Nederland board is complete

The board of CISO Platform Nederland, the non-profit association of CISO community Nederland, is complete: CISOs Dimitri van Zantvliet, Luisella ten Pierik, Mahdi Abdulrazak, Justin Broeders and co-founder Rob Beijleveld officially joined the organization’s board on February 16.

ZBO without embargo

Originally a talk I gave at a lunch meeting with several ZBOs. ZBO stands for independent administrative body. These are the government agencies that have independent governance but belong to a ministry. That this is a complex construction, you will already...

The C in CISO stands for Compliance

“We are ISO certified and therefore 100% cyber-secure!” A statement that I think few security experts will endorse. And yet, compliance is an important and sometimes useful tool within information security. With the current laws and regulations, you can't really...

Dutch government fails to meet implementation of NIS2 and CER on time

Businesses are not the only parties experiencing problems with implementing the new European guidelines for Network and Information Security (NIS2) and the Critical Entity Resilience Directive (CER). In the Netherlands, the preparations for the consultation on the Dutch implementation of these European directives are already delayed.

Your vote, your voice?

Attempts to meddle in election processes through cyberattacks have increased drastically, and the methods with which hostile actors try to infiltrate society are continually evolving. Cybersecurity professionals have a role to play in this trend by educating the general public about these risks so that more stakeholders can act as a defense against hostile state actors.

Learning to advise

“Gives solicited and unsolicited advice” is often in our job description. Giving advice is a skill. One which is relevant to a range of roles within information security. For (C)ISOs as well as consultants and pentesters. But how do you give good advice? What is the...

Security vs. privacy

Security and privacy are two topics hardly mentioned in one breath in daily security operations. On the one hand, this is a good thing because when tactical and strategic thought is given to safeguarding privacy within security, the operation can run freely within those set frameworks.

Airbags and aliens – performing risk analysis without stress!

A quality risk analysis is one that you, the expert, stand behind. You must be able to explain and defend the outcome. Risk analyses are used to identify risks, determine measures and put responsibility where it belongs. But after the report you (C)ISO are not...

Ten security myths debunked (podcast)

“Public WIFI is unsafe,” and “Password books are a bad idea!”. CISO Fleur van Leusden debunks these myths and eight more. This podcast is in Dutch.

2024: you better take it personally!

Welcome to 2024, a year where the cyber landscape isn’t just evolving; it’s demanding a revolution in how we think and act. The message for you is unequivocal: It’s time to take it personally.

A hacker’s wishlist for Christmas

Every year, cyberattacks increase dramatically during the holiday season. Criminals know how to take advantage of a busy season in which companies endure chaos and employees are busy, stressed, tired, and ready for a break.

“This is your CEO calling. Can you pay this invoice for me?”

In many companies, artificial intelligence is slowly getting ingrained in work processes. Generative AI tools such as ChatGPT make it easy to replace time-costly processes such as generating summaries, creating marketing content, and automating customer service.

Yet, AI evolves at high speed, and the business sector needs to wake up. Looking at the biggest cyber security trends in 2024 that everyone must prepare for, generative AI is on top of the list, according to Forbes. Cybercriminals are increasingly incorporating AI in their attacks, ranging from deepfake social engineering attempts to automated malware.

CISO community, CISO Platform Nederland established officially

The CISO community Nederland and the associated CISO Platform Nederland are a reality. The new combination supports Dutch companies’ Chief Information Security Officers (CISOs) in various industries, non-profit organizations, and the government.

“Watch your back” or “I’ve got your back”?

Chief Information Security Officer – sounds great, but is it? It sounds like an amazing position if all goes well… But what if your organization suffers from a large-scale cyber incident? Unlike other C-level positions, things may have personal consequences rather quickly for the CISO, mainly due to the enormous risk and impact of cybersecurity incidents. “You would take care of it, right?” “How could we have been hacked?” “I thought we had a good CISO?!” Unfortunately, judgments are made in split seconds.

Fighting cybercrime in a more targeted way with “Melissa”

On October 3, the “Melissa” covenant was signed by The Public Prosecution Service (OM), the police, the NCSC, Cyberveilig Nederland, and ten private parties. In this partnership, the groups join forces to fight cybercrime in a more targeted way, to increase the chances of catching cybercriminals, and to reduce the chance of impact for victims.

“CISOs should have a prominent place on the board – and beyond”

The CISO will be an important stakeholder in the coming years, according to Rob Beijleveld, one of the initiators of the CISO community. CISOs have to take steps to develop their role, increase cybersecurity awareness, advocate for changes, and show that they deserve that seat at the table.

‘Guy Fawkes’ and the digital rebellion

The mask featuring the mug of Guy Fawkes – a figure from the English seventeenth century – with its iconic white face, subtle smile, mustache, and pointed beard has experienced an unexpected renaissance in recent decades.

CSBN 2023: Digital threat to the Netherlands undiminished

Every organization must be prepared for unexpected attacks, warns the National Coordinator for Counterterrorism and Security (NCTV), who published the Cybersecurity Assessment of the Netherlands (CSBN) 2023 early this month. The CSBN reflects the trends, incidents, threats, and challenges in cybersecurity within our national security.

Sharp increase in attacks on decision makers’ cloud accounts

The number of successful cyberattacks taking over the cloud accounts of top executives has increased by more than 100 percent. Cybercriminals are using a phishing tool – EvilProxy – based on a reverse proxy that they use to steal MFA data and session cookies, according to research by Proofpoint.

Organizations fend off 6 out of 10 attacks

Security teams make four “impossible” trade-offs when fending off threats. They must decide which attacks to prioritize; choose which vulnerabilities to fix; optimize prevention or detection controls; and finally decide what to log and what to warn about. So reports Picus Security following a report released this month.

Government decides on one organization for cybersecurity

The Cabinet has decided to merge the existing cybersecurity organizations of the central government. The National Cyber Security Center (NCSC) of the Ministry of JenV, the Digital Trust Center (DTC), and the Computer Security Incident Response Team for Digital Service Providers (CSIRT-DSP), both of the Ministry of EZK, will merge into a new organization.

An administrative view of cybersecurity at Dutch Railways

Cyber threats can occur at Dutch Railways (Nederlandse Spoorwegen or NS) in various places: trains, stations, workplaces, data centers, websites, mobile apps, and the chain. The key, according to CISO Dimitri van Zantvliet, is mapping the risks and responding to the threat landscape.

Gunther Cleijn: “Deploy highly skilled security specialists more efficiently”

Gunther Cleijn is Global CISO at NewCold. Like so many CISOs, he faces a severe shortage of security specialists. His solution: establish a zero-person SOC. It’s a term we shouldn’t take literally, but there’s no doubt in Gunther Cleijn’s mind that an organization can perform security processes with far fewer people.