Your CISO Journey: Mastering Security Operations

Dive into the world of SecOps in our upcoming live webinar tailored for Chief Information Security Officers (CISOs) and IT security enthusiasts. Join us and Peter Geelen (Community geek in InfoSec) for a session that provides an overview and insight in our CISO training that bridges the crucial gap between information security and IT operations, focusing on practical strategies for collaboration and risk mitigation. Learn about the pivotal role of Identity and Access Management (IAM) in safeguarding access to resources, the importance of securing devices and applications in today's digital workspace, strategies for comprehensive network security in a boundaryless infrastructure, and the considerations for outsourcing security operations to enhance efficiency without compromising on security.

AI, CLOUD & MODERN WORKPLACE CONFERENCE 2024: RED FLAGS AND ATTENTION POINTS IN CLOUD SECURITY AUDIT

Event link: https://aicmwc.azurewebsites.net
Presentation on Slideshare: https://www.slideshare.net/slideshows/red-flags-and-attention-points-in-cloud-security-audit-watch-the-security-gates/266338983
Video recording: https://youtu.be/z1gYO5mXM14

ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity Maturity

The importance of a robust cybersecurity strategy cannot be overstated. Learning on the effective measures to be taken and tools needed to navigate the evolving cybersecurity landscape successfully is essential.

Amongst others, the webinar covers:

ISO/IEC 27002 and ISO/IEC 27032 and their key components
Key Components of a Resilient Cybersecurity Strategy
CMMC Frameworks

Speaker slot on Learning & Education at ISACA Belgium event

Here are some key takeaways from the enriching gathering:

Immersed in the world of PECB services! A big shoutout to our esteemed trainer and partner, 🔐 Peter GEELEN, who guided participants on an insightful journey through the offerings that make PECB stand out.

Unveiling the power of collaboration! Emphasis was placed on the immense potential for joint ventures in professional training. We explored the endless opportunities to leverage the PECB Skills platform for continuous skill development – a gateway to excellence!

Strengthening bonds for a brighter future! ISACA Belgium Chapter and PECB are excited to embark on a journey of alliance strengthening. Together, we aim to explore synergies in professional development, skill enhancement, and collaborative events.

Trainer/speaker at PECB insights conference in Paris:

Trainer/speaker at PECB insights conference in Paris:
https://pecb.com/article/pecb-insights-conference-2023-an-overview-of-the-pre-conference-courses

How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regulations?

The EU has implemented a range of regulations aimed at strengthening its cybersecurity posture. In this context, the ISO/IEC 27001 standard offers a comprehensive framework for managing and safeguarding sensitive information, such as personal data.

Amongst others, the webinar covers:

Quick recap on the ISO/IEC 27001:2013 & 2022
ISO/IEC 27001 vs legislation
The EU Cyber Legislation landscape
Some considerations and consequences
How to stay on top of the ever changing context

1st Annual International (ISC)² Chapter Conference 2022

https://www.eventbrite.com/e/1st-annual-international-isc2-chapter-conference-2022-tickets-400552833307

PECB Insights Conference 2022

https://conference.pecb.com/speaker/peter-geelen-2/

17 nov / Cloud Security and insecure API: How crucial is good API management
18 nov : Le RGPD fête ses quatre ans: que nous réserve l'avenir?

PECB - ISO/IEC 27001:2022 – What are the changes?

Amongst others, the webinar covers:

ISO/IEC 27001 & ISO/IEC 27002, catching up with history
Quick recap on the ISO/IEC 27002:2022
From ISO/IEC 27002 to the ISO/IEC 27001 updates
Some considerations & consequences of the update
What's up next with ISO/IEC 27001, in practice?

Privacy Cafe (DP institute)

Sessie 2: Peter Geelen: “Driehoeksverhoudingen”
Ken je Peter Geelen? Op zijn LinkedIn profiel vinden we onder meer de term ‘Life Hacker’. Dat klinkt al onstuimig. Gooi daarbij de term ‘driehoeksverhouding’ en we zijn klaar voor een pittige en zwoele sessie.

Maar vergis je niet, we gaan het op het Privacy Café toch wat stijver en serieuzer houden. “Er was eens een DPO, een CISO en een Business/data expert” lijkt al meer op de inleiding van deze lezing. Samen met Peter gaan we op zoek naar het kruispunt tussen deze expertisegebieden en zoomen we in op de uitdagingen van vandaag en morgen om veiligheid, compliance en business met elkaar te harmoniseren.

IAPP Data protection intensive Nederland - Keep Vendor Risk Under Control

https://iapp.my.salesforce.com/sfc/p/1a000000HSGV/a/1P000000LuDn/FUnnPnxoLVjm0.N17UzV4aW_gX9wae092XGoBJ60IJc

Hexnode - Data Compliance - Get it right the first time

(ISC)² Chapter Belux Event - #cybersecurity certification track options

Ethical Hacking and Cybersecurity – Key Trends in 2022

https://www.linkedin.com/pulse/pecb-event-collaterals-ethical-hacking-cybersecurity-key-geelen/

PECB Insights Conference 2021

(Speaker/Presenter)
The upcoming PECB Insights conference is a virtual event centered on information technology, security, and privacy, scheduled for November 15-16, 2021.

TBX 2021 - "Busting myths about cyber, security & privacy certification (Why would you certify?)"

What's the value of certification and accredited education? When you speak to security professionals and ask their opinion about security education and certifications, you mostly get black and white answers.
And very strong or even political opinions… This sessions discusses the value and benefits of accredited training. We look into a few myths about security training. Also, you'll get some hints and tips on a smart training roadmap: plan your education trip, maximum results with least effort, strengthen your experience with certified education. (Get the insights of a certification geek.)

GSDC Security Learning Fest 21 - Debunking 10 prominent ISO27001 myths (Peter GEELEN)

Date - 27th Sept To 30th Sept 2021

Data privacy is important because in order for individuals to be willing to engage online, they have to trust that their personal data will be handled with care. Organizations use data protection practices to demonstrate to their customers and users that they can be trusted with their personal data. So, we are raising awareness of Data Privacy specially for those who are working and responsible for Data Privacy from our webinar series so our Industry Experts share best practices with the working community.

This webinar is hosted by GSDC - Global Skill Development Council (www.gsdcouncil.org) and our keynote speaker for this webinar was Peter GEELEN.

(ISC)² BeLux Chapter - TLS Key Recovery

(Organizer)
RSA is one of the most commonly used algorithm for providing confidentiality, integrity and authenticity of digital information. RSA is used to secure web traffic up to TLS 1.2. Today, web servers have a certificate which protects the traffic between a web server and a client browser. This certificate contains a public key of 1024 or 2048-bits. But what will happen when the key material of the certificate is not correctly generated? Are you still sure that traffic is protected and cannot be compromised?

Johan Loos will show you two different ways on how a RSA private key of a certificate can be 'recovered' when you only have access to the public key.

This session is based on Johan's own research on RSA and focus on different types of RSA attacks. These attacks are demonstrated live using virtual machines. Johan wrote his own script in Python for the recovery of the cryptographic key material. This session is for people who wants to know more about RSA attacks, and how they can improve security.

About the speaker:

Johan is a freelance security researcher, security specialist, privacy and healthcare professional with interest in the area of IT security, information security, privacy, medical devices and cryptography. Johan is passionate about technology and evangelises security to organisations to take security seriously by implementing security and privacy by design principles.

Overview of the session

Overview on how the RSA algorithm works
Overview of the RSA attack used in this demo
How to recover a private key of a TLS v1.2 session and decrypt TLS v1.2 traffic

(ISC)² BeLux Chapter event - EA transform cybersec into Business Executive's opportunity

(organizer)
Putting Enterprise Architecture to work to transform cybersecurity into a Business Executive’s opportunity

Making business execs aware of and ultimately responsible for the cybersecurity agenda is not an easy endeavour. Connecting the strategic business realm with the hard-core reality of cybersecurity is a daunting task for security leaders, and needs to be addressed carefully–as cybersecurity is a business responsibility, not merely an information technology task. Enterprise architecture offers the tools and methods to connect these conflicting realities, to close the gap between opportunities and liabilities and to provide a platform for meaningful insights and alignment. In this talk we go into how to use enterprise architecture methods to transform liabilities into opportunities, and get business executives excited about cybersecurity.

Speaker: Niek de Visscher

PECB - Data Privacy Trends in 2021: Compliance with New Regulations

(Speaker)
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.

The webinar will cover: Global trends in privacy legislations, Some commonalities between privacy laws, Compliance requirements which can affect your organization

PECB - CMMC, ISO/IEC 27701 & ISO/IEC 27001 - Best Practices and Differences

(Speaker)
PECB - CMMC, ISO/IEC 27701 & ISO/IEC 27001 - Best Practices and Differences

Prenne 56 (topic cybersecurity)

(Speaker)
Topic: CyberSecurity

TechNine - Virtual Event (Privacy & Security for SME)

(Speaker)
Event: IT Privacy Debate – November 24th

Registration at: https://www.eventbrite.be/e/tickets-technine-it-privacy-debat-126702914829

PECB Insights Virtual Conference 2020: GDPR turned 2 this year

(Speaker)

Thursday 15:00 – 15:45 French GDPR turned 2 this year: How successful has the regulation been in information security and where will it go 2 years from now?

https://pecb.com/conferences/

Presenter profile: https://pecb.com/conferences/speaker/peter-geelen-2/

PECB Insights Conference

(Speaker & Moderator)

The best and brightest minds in the field of Information Security, IT, ISO standards, and more, are gathered for two days of networking, learning, and expertise sharing.

To have stimulating discussions, the conference will be designed in panel sessions. During these panels, experts will discuss technology’s role in Cyber Security, Blockchain Technology, IoT, and AI, in both English and French.

Prenne 56 (topic cybersecurity) - Recording websession

(Speaker)

Ben jij actief in preventie, welzijn, gezondheid of milieu? Heb je nood aan bijscholing? Maar doe je dit wel graag op een digitale manier? Dan ben je op de juiste pagina beland! Prenne 56 is een volledig digitale Prenne

The PECB Insights Virtual Conference 2020 (French):ISO/IEC 27701 and GDPR

(Speaker & Moderator)

(french) ISO/IEC 27701 and GDPR: What are the security issues most prevalent when working remotely from home, and how is it best to overcome them?

Solvay Business School - Exec Edu : EU Data protection program: Security fundamentals

(Lecturer/Speaker)

https://exed.solvay.edu/fr/11-program/221-programme-in-european-data-protection

(ISC)² Belux chapter event : Cybersecurity in Industrial Control Systems

(Organizer)

PECB Webinar: ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know

(Speaker)

https://www.linkedin.com/pulse/pecb-webinar-isoiec-27701-vs-27001-nist-essential-things-geelen-/

Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Inform

(Speaker)

The webinar will cover:

• What are the roles and responsibilities of the main actors responsible for protecting data in an organization?
• How can an organization find out if they are required to designate a DPO role or not?
• Can the roles of a DPO and Information Security Manager be covered by the same individual?
• What organizations are required to do to have the DPO perform its role and responsivities independently?

DPO Circle event - ISO27701 : The Newest Privacy Information Standard

(Speaker)

Explore the Newest Privacy Information Standard

(Organizer) ISC2 Belux Chapter Conference - Business Aligned Security

(Organizer) Business Aligned Security by Koen Maris - Cybersecurity Leader at PwC Luxembourg

(ISC)² Belux Chapter: Developers: your first line of defense against cyber threats/ Business Aligned

(Organizer)

Session 1:

Developers: your first line of defense against cyber threats

With the increasing number of cyber security attacks at the application level, the developers play a pivotal role in implementing a proper cyber resilience program for your company.

Speaker:

Mr. Eric Bariaux

Eric is currently Secure Delivery Director at Approach, where he focuses on bringing cyber security best practices to all aspects of the software development lifecycle. He leads a team of highly qualified experts in providing secure, end to end solutions to high profile organisations.

Having worked as senior developer, software architect and team leader for customers in the financial, insurance, telecommunication and healthcare sector, Eric brings a practical approach to making security and privacy an integral part of the development process.

Session 2:

Business Aligned Security

Recently, the french ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) has released an open-source AES library for ARM microcontrollers. This software implementation aims to provide a practical protection against side-channel attacks with state-of-the-art techniques. Additionally, the ANSSI has provided a first security analysis in which no attack could succeed with less than 100,000 observed encryptions.

In this presentation, a bottom-up approach is followed in order to analyze the security of this software. First, the implemented countermeasures and their expected behaviors are detailed. Second, the attack path and the methodology to extract useful information are described from a higher perspective. Third, the attack efficient is evaluated: we show that a full encryption key is recovered in less than 30 seconds (2,000 measurements). The improvement compared to the ANSSI's security analysis mainly comes from the introduced methodology called "Countermeasure's Dissection". As a conclusion, I argue that such a fine grain security evaluation is hard to automate without the knowledge of the target and under realistic timing constraints. If not done under these assumptions, the effective level of security may be over-estimated. Such case would be damaging for the long-term security of an infrastructure.

Speaker:

Mr. Koen Maris

Key Practical Steps on ISO/IEC 27701 Implementation

(Speaker)

In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.

Our presenters, Peter Geelen and Stefan Mathuvis will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance. In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.

Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.

The webinar will cover:
- Quick recap on general ISO components and approach
- Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
- Do's and don’ts for implementation and audit
- The importance of evidence in the audit
- Managing audit expectations and the never ending audit cycle

(ISC)² Belux chapter event: The principle of Shift Security Left.

(Organizer)

The principle of Shift Security Left.
How to build secure software.
Erwin Geirnaert

Co-founder & Chief Application Security Architect at Shift Left Security BVApplication security expert with 20 years of experience in securing applications.Erwin Geirnaert will present on why shift security left is important in cyber security at the ISC2 Belgian Chapter.

LinkedIn: https://www.linkedin.com/in/erwingeirnaert/

Clarence Pinto

Clarence is an independent cybersecurity consultant with extensive experience in the definition and execution of cybersecurity strategy, infosec risk management and enterprise security architecture. He has a background in commercial software application development for Fortune 50 companies as well as in the role of CTO for a 50-person geospatial software startup. Since 2011 he has been engaged in security architecture roles for BNP Paribas Fortis, Proximus, SWIFT and currently at the Mutualité Chrétienne. At BNPPF he was the security architect leading the bank’s secure software initiative within the Cards & ATM security program.

Clarence has been a guest lecturer on security architecture at Solvay Brussels School, TIAS and at Antwerp Management School. He was a trainer on application development and IT operations domains of the CISA boot camp organised by ISACA Belgium from 2011 until 2018. He is a member of the Open Group Security Forum and a founding member of the SABSA Institute. He holds certifications in TOGAF, SABSA, IT Governance, Infosec Management, Information systems risk & control, IS audit in addition to being a CISSP-ISSAP.

Webinar: ‘cybersecurity, een praktische introductie’ (21/2)

(Speaker)

Cybersecurity wordt beschouwd als één van de grootste bekommernissen in het huidige ondernemerschap. De veiligheid van (klanten)gegevens is een topprioriteit en een beleid hieromtrent uitwerken is noodzakelijk. Als adviseur zal je wel vaker de vraag krijgen van jouw klanten over hoe ze hiermee aan de slag moeten gaan.

Onze spreker, Peter Geelen van Cyberminute, wil een vernieuwende aanpak tonen die de zelfredzaamheid en veerkracht bij KMO’s inzake cybersecurity helpt vergroten.
Peter Geelen is sinds meer dan 20 jaar actief in de IT-sector en heeft een doorgedreven ervaring in Enterprise Security & Architecture, Identity & Access Management, Privacy & Data Protection, Cyber- en Cloud Security. Hij zal je tijdens dit webinar een introductie geven over de cybersecurity van vandaag, wat stilaan een vaste nieuwsrubriek is geworden, en jou enkele handvaten aanreiken zodat je als adviseur richting kunt geven aan de vraagstukken van jouw klanten.

Privatum - Privacy after work

(Speaker)

Privacy after work
met Jan Leonard (DPO @ Orange)
en Peter Geelen (Senior Information Security management Advisor @ Centre for Cybersecurity)
6 februari 2020 – Lummen
Na onze eerste “privacy after work” van oktober 2019 zijn we toe aan een vervolg.

Het concept en de aanpak blijft identiek enkel de locatie is anders.

Voor deze tweede sessie gaan we een stap verder richting datalekken:

Hoe moet je je organiseren?
Wat zijn de meest belangrijke stappen?
Hoe kan je de impact van een datalek objectief bepalen?
Hoe beheers je de communicatie?
Is het mogelijk om je voor te bereiden?
Wat is de rol van de DPO, de CISO, ….?
Vragen waarbij we vroeg of laat allemaal wel eens mee geconfronteerd gaan worden.

Daarnaast werpen we een blik op een “nieuwe” ISO normering nl ISO27701.

Wat houdt deze juist in?
Hoe kunnen we deze toepassen binnen de context van informatiebeveiliging?
Vragen waar onze sprekers – Jan Leonard (Orange) en Peter Geelen (CCB) – die avond een antwoord op kunnen geven.

Privatum en DQS – experts in privacy en dataprotectie – nodigen u uit voor de tweede infosessie met netwerkmoment in de kantoren van Privatum te Lummen op 6 februari 2020.

ISO/IEC 27701 vs GDPR: What you need to know

(Speaker)

As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.

Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.

The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.

The webinar covers:

The GDRP view of the ISO/IEC 27701
Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
The ISO/IEC 27701 auditor mindset
Compliance AND/OR/XOR solid data protection?
Status of GDPR certification

Quick Guide to ISO/IEC 27701-The Newest Privacy Information Standard

(Speaker)

In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.

For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.

The webinar covers:
Walkthrough of the ISO/IEC 27701
Links with ISO/IEC 2700x series standards, ISO 29100 series...
ISO/IEC 2700x and GDPR mapping
Audit & certification

Hardening Identity Manager environment

(Speaker)

The purpose of this session is to provide an overview of security best practices to secure your Identity Manager infrastructure, both on-premises as the cloud components. This document is rather a check list and security guideline than a detailed step-by-step guide. It does provide practical hints and tips to secure your setup, with many design considerations.
As a take-away you’ll have practical guide and food for thought to secure your Identity Management infrastructure and check your setup against the best practices.

(FR) GDPR 1Y LATER? HOW EFFECTIVE IN GDPR COMPLIANCE?

(Speaker/moderator)

French session
The GDPR effects can be seen in the new privacy laws being enacted all around the globe, as well as in the rise of the number of fines that organizations that have been found non-compliant are getting. In this session we will have a closer look at the impact that the GDPR is having since it was introduced.

CYBERSECURITY TRENDS, RISKS AND STRATEGIES – LEGAL & REGULATOR

(Speaker/moderator)

As the pace of security breaches keeps accelerating, so does the variety of attacks, advances as well as procedures set up to counteract them.

(ISC)² Belux chapter event: Security in an Agile environment

(organizer)

Introduction.

Agile development methodologies were never designed with security in mind - but as many have experienced, bolting it on as an after-thought hits some serous limitations.

The lack of holistic scope and the difficulty in translating user stories into actionable security requirements expose the difficulties with treating security as another type of user story.

These issues are only amplified as organisations move to applying Agile Frameworks at Enterprise scale.

In this presentation,

- we summarise the issues typically encountered with the new unholy trinity of Agile Value Delivery, Architecture & Security,

- discussing the place of security in Scaled Agile Frameworks and how this might work in practice.

Speaker Bio's.

Bonnie Demeyer SSCP

Bonnie is an independent Security Analyst and Information Security Manager who, since migrating her career from IT to Security three years ago, has been applying security to Agile and Scaled Agile projects.

Steven Bradley CISSP-ISSAP

Steven works as an independent Security Consultant with a research interest in model-driven approaches to security architecture.

During the event, we will also take 5 minutes to do the General Assembly of the Chapter and give you our usual very short activity report and introduce you to the new board members.

(ISC)² Belux chapter event: Security in an Agile environment

(organizer)

Agile development methodologies were never designed with security in mind - but as many have experienced, bolting it on as an after-thought hits some serous limitations.

The lack of holistic scope and the difficulty in translating user stories into actionable security requirements expose the difficulties with treating security as another type of user story.

These issues are only amplified as organisations move to applying Agile Frameworks at Enterprise scale.

In this presentation,

- we summarise the issues typically encountered with the new unholy trinity of Agile Value Delivery, Architecture & Security,

- discussing the place of security in Scaled Agile Frameworks and how this might work in practice.

(ISC)² Belux chapter Event: Docker and cloud security

(Speaker)

Peter will give you a summary of the best practices related to the use of the cloud, straight from the new CCSP CBK.

26 May 2018, from GDPR to sustainable GDP

(Speaker)

This webinar provided important insights on the importance of the upcoming new General Data Protection Regulation which will become enforceable in May 2018. Moreover, it covered the requirements that will help you get GDPR compliant, and the method/techniques that help you build sustainable data protection practices.

Main points covered:
• How to move from GDPR to GDP way of thinking?
• How can we use the GDPR to build data protection into the company DNA?
• What is required, for all parties in the story, to make it work?
• How can we build sustainable data protection practices?

Forget compliance! Only the GDP mindset will keep you alive!

(Speaker)

With the 2018 GDPR deadline in focus, many businesses with EU customers are feeling like a rabbit frozen in the GDPR headlights… But it’s not the ‘R (regulation) that matters, the GDP does. In this fastmoving era of cloud and data centers, information is flowing like water, and perimeter security is so Y2000. Join this presentation to learn how you can leverage best practices to build an end-to-end, layered security, and avoid information spills.

What if… you would manage your security like an airport?

(Speaker)

People with a bit of traveling experience, know that security is like in airport operations. Airport security operations are strongly regulated, by the same processes and procedures … that apply to IT.
The number of accidents per operation is lower than any other means of transport…
What if … you run your cloud and data center like an airport?
What can you learn from it?

ABC of identity: Maximizing security with 10 simple processes

(Speaker)
The identity lifecycle is the basis for all security. But most of people in IT security immediately think of technical solutions when locking down security.

In this session we will take a step back and have a look at the core identity processes and principles that drive your company.

Simply taking care of these base processes, with minimum effort will take care of 90% off the common security issues. Even with some basic manual tasks you can make the hacker's life to hell.