Supporting an organisation to design their own cyber risk model and integrate it within existing business risk processes. Helping to implement a Cyber Security Framework.
Supporting an organisation to design a cyber crisis response plan.
Supporting the CISO/CIO of an organisation to review their cyber security strategy/plan, to design a cyber risk reporting mechanism and KPIs.
Supporting an organisation to identify and validate new suppliers, partners or customers in the cyber security space.
Supporting the practical implementation of GDPR and NIS legislation.
Delivering on-site training and awareness raising to C-Suite and/or Board Members, including an interactive table-top exercise using a bespoke scenario.
Training the trainers, providing training material for end-users and administrators.
Support on Tactical Level
Briefing the technical leadership team on recent developments in the threat landscape, tools and techniques, and providing feedback on security policies and security infrastructure plans.
Designing and producing an in-house Cyber Security Brief, summarising relevant recent cyber incidents and developments in tools and techniques.
Participating in design and implementation projects with respect to IT security, the setting up of SOCs, CSIRTs or cyber threat intelligence fusion cells.
Supporting an organisation to identify and establish relationships with specialised skills or resources.
Supporting an organisation to understand and implement the MITRE ATT&CK Framework.
Support on Technical Level
Supervising or supporting response to large-scale cyber incidents.
Supervising Red Team exercises and vulnerability assessment activities to determine weaknesses in the resilience and propose improvements.
Providing advice on the implementation of critical preventive controls.
Cyber for C-Suite
This training raises cyber awareness at the C-Suite and Board level and provides tools to manage the cyber risk in an integrated manner. The content is focused on the needs of Senior Executives and is conveyed in a language they understand. It is delivered in a session of half a day and it can be combined with a bespoke, interactive, table-top exercise. The training can be provided on premises and could be integrated with an in-house brainstorming on cyber risk and mitigation.
The Threat Landscape
An overview of the current threat landscape and insights into the expected evolution in the coming years, based on advancements in technology, business processes and adversaries. What motivates your adversaries and which methods do they use? Assume breach and prepare well for the moment it happens.
Cyber Risk – Business Risk
A primer on cyber risk management and what a CEO really needs to know about it. About protection through understanding the key assets of the organisation and their risk of being compromised. How to integrate the cyber risk into the business risk? About Frameworks and critical preventive controls and managing the risks instead of hiding them.
Organise - Monitor
What to expect from your CISO? Do you want the cyber risks to be made visible to you or taken care of for you? Where to position the CISO in your organisation and what resources to allocate? Which are the KPIs and reporting mechanisms you should expect? How to set up intelligence, prevention, detection and response mechanisms, processes and systems? How to recruit and retain specialised cyber staff in an extremely competitive environment?
Leading through a cyber crisis
Have a crisis response plan before the crisis hits. Who is in the lead, who participates? How to behave during the crisis? Comply with relevant regulations (NIS, GDPR, sectorial aspects). When and how to report? Cooperation with law enforcement: opportunities and pitfalls. What and when to communicate with your staff, your clients, the press?
Your Digital Footprint – Why Does It Matter?
A session on personal IT hygiene and managing your (and your executives’) social media footprint. How to be secure while travelling? How to safeguard your devices, your data and your credentials? With practical guidance based on the actual footprint of the participants and recommendations for mitigation.
Very experienced senior security executive with a strong track record in cyber security operations, policy, technology and risk management. Extensive operational management experience, both in line and support functions. Highly successful in setting up, managing and growing new departments in a complex international organization. Strong experience in supporting private and public organisations in improving their cyber risk management at strategic level. Hands-on experience with high tech, research and entrepreneurship.
Recognized thought leader in security, risk and privacy. High level of peer recognition and access to a very extensive network in the cyber security community. Sought after speaker at conferences, sharing best practices in threat intelligence, SOC operations, prevention programs, risk management, privacy.
Since June 2017
CEO of Freddy Dezeure BV
Independent consultant, advising private enterprises and governments to improve their cyber resilience and cyber risk management. Trusted Advisor. Board Member and Advisory Board Member in cyber security start-up companies (SpyCloud, Intel471, Cmd, Arctic Security, Corelight, Keyp, oneclick).
Head of CERT-EU
Setting up and managing the European Union Computer Emergency Response Team, protecting 60+ EU-level governmental entities in 28 countries with more than 100.000 users.
EC DG INFSO Head of External Audit
Managing a Unit of financial auditors, verifying the compliance of EU research project funding in the area of Information Society.
EC Joint Research Centre (3000 scientists)
Various management functions including COO and CRO, managing finance, human resources and research programme, internal audit, quality management, intellectual property management and technology transfer.
EC Directorate General Human Resources
Various functions in IT management and human resources management.