Freddy Dezeure

In our keynote panel at the One Conference 2024 we discussed the recent call of major user organizations to implement cloud baseline security by default, unburdening them of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large. Cloud providers can play a key role in strengthening the baseline security of the ecosystem by setting robust, well-configured security controls as the default, and permitting customers to make adjustments per their own risk appetites.

This publication is a follow-up of our article “Digital Sovereignty Is Impossible Without Big Tech”, calling upon the large cloud providers Microsoft, Amazon, and Google to “improve cybersecurity worldwide by implementing baseline security by default”. Our earlier paper generated a positive response, but also requests to elaborate on baseline security by default and how it can be achieved.

CTI needs to serve a purpose, whether technical, tactical, or strategic. How do we prioritize our limited resources with a continuously changing threat landscape? How confident are we that our efforts to cyber-protect our organization are sufficient? And how can we explain to our leadership that this is indeed the case?  We must step up our game by continuously adapting our defenses in an informed manner, by making sure our mitigating controls are functioning as intended and the residual risk stays within the risk appetite. 

Slide deck of the presentation at the Brussels Cybersecurity Summit 18 January 2024

Most European companies and governments use the cloud infrastructure of three U.S. providers—Amazon, Microsoft, and Google. The widespread dependence on these ‘big tech’ companies for our cybersecurity - and therefore our national security - poses a threat to the digital sovereignty of the EU and its member states. Given the pervasiveness and impact of cyber threats, any form of EU digital sovereignty only possible if we can leverage the scale of big tech as an opportunity. The authors call upon big tech to use their massive infrastructure and their insight on cyber threat actors and their modus operandi to improve cybersecurity worldwide, by implementing baseline security controls as a default, and on EU and US governments to facilitate a self-regulatory discussion towards this goal.

This paper aims to share 10 key insights from organizations that have implemented strategic cyber metrics so that the community can build on these learnings and adopt them in their own environment. The insights are summarized in crisp and thought-provoking summaries to facilitate uptake.

Summary and conclusions of a workshop on strategic cyber metrics and board reporting, hosted by Eurocontrol,  16 September 2022.

The next level of the use of MITRE ATT&CK in an enterprise environment is what this session is about: linking threat informed defense with controls and control frameworks. This session will explore how to make sure relevant risks are mitigated in an effective and efficient manner and how to link this to controls and reporting.

This paper provides a concise overview of the results of the CSR study on digital autonomy and illustrates our strategic assessment framework by applying it in the field of artificial intelligence.

This paper presents an overview of the recommended approach for Boards when dealing with cyber risk, and of good starting points for Board cyber metrics. It is a complementary paper to one addressed to Chief Information Security Officers (CISOs) on how to best control, measure, and report cyber risk to their Boards and should be read in conjunction with that paper.

This paper presents actionable guidance for CISOs to report cyber risk and its context to their senior stakeholders, such as their Board. It describes methods that help CISOs engage in cyber risk management, communicate this effectively, and facilitate proper oversight. It is the outcome of a group of seasoned practitioners sharing their best practices in a CISO Metrics Working Group.

The Cyber Metrics Model shows building blocks and processes to collect cyber metrics, transform them into cyber risk and report them at Board level. 

Government and business community must make conscious choices when it comes to dependence on ICT products and services. This assessment framework, co-authored with Paul Timmers, supports taking appropriate measures to safeguard digital autonomy.

Digital autonomy is a topic of discussion at both national and European level. The Dutch Cyber ​​Security Council (CSR) commissioned an in-depth study of national digital autonomy. The report, co-authored with Paul Timmers, provides insights into the complex issue, illustrating it with examples and a novel assessment framework.

Short story of adapting a planned cybersecurity conference to a new reality of a travel-less, contact-less, remote working environment. We hope that some of these practical insights and experiences can be helpful for other organizations which are facing the same questions: cancel, delay or persist.

MITRE ATT&CK has become very popular. This presentation helps to put the framework into practice, using realistic examples, demonstrating available community tools and showing how to use analytics to identify adversarial techniques in your network. 

CISOs spend almost half of their time on compliance activities, addressing similar concerns but tailoring responses to slightly different requests. This presentation provides guidance to avoid duplication of efforts and to become more effective in managing cyber-risks, using mappings and implementing metrics. 

Summary and conclusions of a workshop on frameworks, mappings and metrics, hosted by Eurocontrol, 23 January 2020.

The MITRE ATT&CK framework has gained a lot of traction in the security community. This presentation provides an introduction to the framework at its use.

This guide explains how to comply with the GDPR while performing log management and analysis for the purpose of cybersecurity. 

This paper, co-authored with Lokke Moerel, summarizes the cyber risks in ports and provides concrete and pragmatic proposals to increase substantially the cyber maturity and resilience.

Presentation on intelligence-led defence in which i pitched the idea that ISPs and Cloud providers should deliver built-in security to all their clients, by implementing baseline controls by default in the user infrastructure.

This presentation at Splunk .Conf 2017 explains the impact of GDPR on cybersecurity log file collection and goes through a breach investigation and response scenario.