Freddy Dezeure

Freddy Dezeure

Don't hide the risk, 
manage it.

01

Advisory Services

Support on Strategic Level

  • Supporting an organisation to define their cyber risk model and integrate it within existing business risk processes. Helping to implement a Cyber Security Framework.
  • Supporting an organisation to design a cyber crisis response plan.
  • Supporting the CISO/CIO of an organisation to review their cyber security strategy/plan, to design a cyber risk reporting mechanism and metrics (KCIs).
  • Supporting an organisation to identify and validate new suppliers, partners or customers in the cyber security space.
  • Supporting the practical implementation of GDPR and NIS legislation.
  • Delivering awareness raising to all staff.
  • Delivering cyber risk oversight training to C-Suites and Boards.

Support on Tactical Level

  • Briefing the technical leadership team on recent developments in the threat landscape, tools, techniques and provide feedback on security policies and security infrastructure plans.
  • Designing and producing an in-house Cyber Security Brief, summarising relevant recent cyber incidents and developments in tools and techniques.
  • Participating in design and implementation projects with respect to IT security, the setting up of SOCs, CSIRTs or cyber threat intelligence fusion cells.
  • Supporting an organisation to identify and establish relationships with specialised skills or resources.
  • Supporting an organisation to understand and implement the MITRE ATT&CK Framework.

Support on Technical Level

  • Supervising or supporting response to large-scale cyber incidents.
  • Providing advice on the implementation of critical preventive controls and metrics.
02

Cyber for C-Suite and Board

This training raises cyber awareness at the C-Suite and Board level and provides tools to manage the cyber risk in an integrated manner. The content is focused on the needs of Senior Executives and is conveyed in a language they understand. The training can be provided on premise and could be integrated with an in-house brainstorming on cyber risk and mitigation.

01

The Threat Landscape

An overview of the current threat landscape and insights in the expected evolution in coming years, taking into account advancements in technology, business processes and adversaries. What motivates your adversaries and which methods do they use? What do they target and what could be the impact for you?

02

Cyber Risk – Business Risk

A primer on cyber risk management and what a CEO really needs to know about it. About protection through understanding the key assets of the organisation and their risk of being compromised. How to integrate the cyber risk into the business risk? About Frameworks and critical preventive controls and managing the risks instead of hiding them.

03

Organise - Monitor

What to expect from your CISO? Do you want the cyber risks to be made visible to you or taken care of for you? Where to position the CISO in your organisation and what resources to allocate? Which are the KPIs and reporting mechanisms you should expect? How to set up intelligence, prevention, detection and response mechanisms, processes and systems? How to recruit and retain specialised cyber staff in an extremely competitive environment?

04

Leading through a cyber crisis

Have a crisis response plan before the crisis hits. Who is in the lead, who participates? How to behave during the crisis? Comply with relevant regulations (NIS, GDPR, sectorial aspects). When and how to report? Cooperation with law enforcement: opportunities and pitfalls. What and when to communicate with your staff, your clients, the press ?

05

Your Digital Footprint

Personal IT hygiene and curating your social media footprint. How to be secure while travelling? How to safeguard your devices, your data and your credentials? With practical guidance based on the actual footprint of the participants and recommendations for mitigation.

03

About

Very experienced senior security executive with a strong track record in cyber security operations, policy, technology and risk management. Extensive operational management experience, both in line and support functions. Highly successful in setting up, managing and growing new departments in a complex international organization. Strong experience in supporting private and public organisations in improving their cyber risk management at strategic level. Hands on experience with high tech, research and entrepreneurship.

Recognized thought leader in security, risk and privacy. High level of peer recognition and access to a very extensive network in the cyber security community. Sought after speaker at conferences, sharing best practices in threat intelligence, SOC operations, prevention programs, risk management, privacy. Board trainer.

Since June 2017

CEO of Freddy Dezeure BV

Independent advisor supporting private enterprises and governments to improve their cyber resilience and cyber risk management. Board Member and Advisory Board Member in multiple cyber security start up companies. Trusted Advisor and Mentor. Community contributor.

2011-2017

Head of CERT-EU

Setting up and managing the European Union Computer Emergency Response Team, protecting 60+ EU-level governmental entities in 28 countries with more than 100.000 users.

2007-2012

EC DG INFSO Head of External Audit

Managing a Unit of financial auditors, verifying the compliance of EU research project funding in the area of Information Society.

1996-2007

EC Joint Research Centre (3000 scientists)

Various management functions including COO, managing finance, human resources and research programme, internal audit, quality management, intellectual property management and technology transfer.

1987-1996

EC Directorate General Human Resources

Various functions in IT management and human resources management.

1982-1987

ETAP NV

CIO in private industry.

04

Events and Talks

FUTURE EVENTS

PAST EVENTS

06 November 2024 | Tilburg | TIAS School for Business and Society

TIAS Advanced Programme Cybersecurity and Governance

10 October 2024 | Brussels | Private

CERT-EU Conference: Real World Cloud Security - by Default

03 October 2024 | Utrecht | Kargadoor

Vuln4casting to inform your Board

01 October 2024 | The Hague | World Forum

One Conference: Digital Sovereignty is Impossible Without Big Tech

06 September 2024 | Brussels & hybrid | IPC (Residence Palace)

SANS & CCB Hybrid Cloud Security Event: Baseline Cloud Security by Default

27 May 2024 | Tilburg | TIAS School for Business and Society

TIAS Advanced Programme Cybersecurity and Governance

16 May 2024 | Brussels | Hybrid

EU MITRE ATT&CK Community Workshop

23 April 2024 | The Hague | The Hague Conference Centre New Babylon

Governance and Boardroom responsibility

18 January 2024 | Brussels | Hybrid

Cyber Threat Inform your Board - Belgian EU Presidency Cybersecurity Summit

17 November 2023 | Zaventem | Private event

AI, should we be happy or afraid?

27 October 2023 | Tilburg | Tilburg University

Monitor, measure and report

26 October 2023 | Brussels | CECE Summit

How can you measure your cyber risks?

12 October 2023 | Tilburg | Tilburg University

Cybersecurity as a strategic enterprise-wide risk

29 June 2023 | Brussels | CERT-EU Conference

Message in a bottle

26 May 2023 | Brussels | Hybrid

EU MITRE ATT&CK Community Workshop

07 October 2022 | Brussels | Hybrid

EU MITRE ATT&CK Community Workshop

16 September 2022 | Private event | Brussels

Cyber Risk at Board Level

07 June 2022 | San Francisco | Moscone Centre

MITRE ATT&CK - The Next Level

02 June 2022 | Brussels | European Commission

EU ATT&CK Community Workshop

22 October 2021 | Brussels - virtual | Videoconference

EU MITRE ATT&CK Community Workshop

01 June 2021 | Brussels - virtual | Videoconference

EU MITRE ATT&CK Community Workshop

19 November 2020 | Virtual | Data+AI Summit Executive Forum

Databricks Security Roundtable

23 October 2020 | Virtual | Videoconference

EU MITRE ATT&CK Community Workshop

21 October 2020 | Virtual | CYBER.CERIDES Launch Event

Three Questions

29 September 2020 | Private event | Nyenrode Business University

Cyber Risk at Board Level

23 September 2020 | Private Event | Ericsson Network Security Seminar

In the Eye of the Storm

17 September 2020 | Virtual | NCSC-NL Week van de detectie

MITRE ATT&CK - In Practice

16 September 2020 | Virtual | Invitation only event

Crowdstrike CSO Round Table

28 August 2020 | Virtual | ISACA Singapore - GTACS 2020

Effectively Applying MITRE ATT&CK In ICS

25 June 2020 | Virtual | Crowdstrike Virtual Forum

Top Of Mind

18 May 2020 | Virtual | Videoconference

EU MITRE ATT&CK User Group

27 February 2020 | San Francisco | RSA Conference

MITRE ATT&CK: The Sequel

25 February 2020 | San Francisco | RSA Conference

Frameworks, Mappings and Metrics: Optimise Your Time as CISO or Auditor

23 January 2020 | Brussels | Private event

Frameworks, Mappings and Metrics

25 October 2019 | Luxembourg | Alvisse Parc Hotel Dommeldange

EU MITRE ATT&CK User Group: Organiser and Chair

09 October 2019 | Seattle | King St. Ballroom & Perch at Embassy Suites by Hilton

ZeekWeek 2019: Keynote

20 September 2019 | Luxembourg | European Convention Center Luxembourg

Auditing cyber security risk: from nuisance to impact

13 June 2019 | Zurich | SIGS Technology Summit

ATT&CK in practice - a primer to improve your cyber defence

13 May 2019 | Lausanne | Private event.

Ethical dilemmas during technical reaction

09 May 2019 | Brussels | Eurocontrol

EU MITRE ATT&CK User Group: Organiser and Chair

07 May 2019 | Munich | Information Security Hub - Munich Airport

ISH Conference: How to set up your defence?

05 March 2019 | San Francisco | Moscone Conference Centre

ATT&CK in practice - a primer to improve your cyber defence

31 October 2018 | Zurich | Private event

UBS Cyber Risk Conference: Keynote speaker

19 October 2018 | Luxembourg | Alvisse Parc Hotel - 120 Route d’Echternach, 1453 Luxembourg

EU ATT&CK User Group: Organiser and Chair

12 October 2018 | Torino | Private event

Magneti Marelli General Affairs Symposium: Keynote speaker

02 October 2018 | Vancouver |

Ready Room Briefing

24 May 2018 | Luxembourg | Private event

ATT&CK in practice workshop: Organizer and Chair

16 April 2018 | San Francisco |

RSA Conference - 10 pitfalls to avoid in GDPR

15 March 2018 | Munich | Private event

Siemens CERT Anniversary Conference - Keynote

21 February 2018 | Lint | AED Studios

Infradata Summit - What makes 'Threat Intelligence" intelligent?

05 February 2018 | Hamburg |

TFCSIRT - GDPR and your SIEM

07 December 2017 | Zurich | Private event

UBS Cybersecurity Conference - Keynote

29 November 2017 | Roosendaal |

VNDELTA - Cyber Security in Ports , Business as Usual? - With Lokke Moerel

24 November 2017 | Dublin |

IDC CISO Summit - Gain and Maintain the Attention of your C-Suite

23 November 2017 | Zurich |

SIGS SOC Forum - Keynote

18 October 2017 | London | Private event

Amazon ZonCon - Keynote

26 September 2017 | Washington |

Splunk .Conf - A day in the life of a GDPR breach

21 September 2017 | Washington |

Phantom Cyber User Conference - Keynote

05 September 2017 | Brussels | Private event

CERT-EU Conference - Keynote

10 July 2017 | Tallinn |

Cyber Security Summer School - Keynote

01 July 2017 | Private event |

Stichting Don fundraising event - Keynote

21 March 2017 | Lake Constance |

DFRWS/IMF - Keynote

05

Publications

03 October 2024

Digital Sovereignty Is Impossible Without Big Tech

In our keynote panel at the One Conference 2024 we discussed the recent call of major user organizations to implement cloud baseline security by default, unburdening them of the many duplicative efforts of verifying, implementing, and maintaining recommended security baselines for the benefit of society at large. Cloud providers can play a key role in strengthening the baseline security of the ecosystem by setting robust, well-configured security controls as the default, and permitting customers to make adjustments per their own risk appetites.

15 February 2024

Improving the world's cyber resilience, at scale. Implementing baseline security by default.

This publication is a follow-up of our article “Digital Sovereignty Is Impossible Without Big Tech”, calling upon the large cloud providers Microsoft, Amazon, and Google to “improve cybersecurity worldwide by implementing baseline security by default”. Our earlier paper generated a positive response, but also requests to elaborate on baseline security by default and how it can be achieved.

18 January 2024

Cyber Threat Inform Your Board

CTI needs to serve a purpose, whether technical, tactical, or strategic. How do we prioritize our limited resources with a continuously changing threat landscape? How confident are we that our efforts to cyber-protect our organization are sufficient? And how can we explain to our leadership that this is indeed the case?  We must step up our game by continuously adapting our defenses in an informed manner, by making sure our mitigating controls are functioning as intended and the residual risk stays within the risk appetite. 

 

Slide deck of the presentation at the Brussels Cybersecurity Summit 18 January 2024

20 December 2023

Digital Sovereignty Is Impossible Without Big Tech

Most European companies and governments use the cloud infrastructure of three U.S. providers—Amazon, Microsoft, and Google. The widespread dependence on these ‘big tech’ companies for our cybersecurity - and therefore our national security - poses a threat to the digital sovereignty of the EU and its member states. Given the pervasiveness and impact of cyber threats, any form of EU digital sovereignty only possible if we can leverage the scale of big tech as an opportunity. The authors call upon big tech to use their massive infrastructure and their insight on cyber threat actors and their modus operandi to improve cybersecurity worldwide, by implementing baseline security controls as a default, and on EU and US governments to facilitate a self-regulatory discussion towards this goal.