© Mapbox, © OpenStreetMap


Tudor Damian

Tudor Damian

Microsoft Cloud & Datacenter Management MVP, Certified Ethical Hacker

Cluj-Napoca, Romania

As an IT consultant with more than 20 years of industry experience, Tudor is a Certified Ethical Hacker, a Microsoft Cloud and Datacenter Management MVP, and a regular speaker at local and regional community events.

His current areas of focus revolve around Cloud Strategy, Cybersecurity, GDPR, IT Governance & Risk Management, Data Protection, Systems & Network Administration, Business Continuity & Disaster Recovery, Business Process Optimization, and Digital Transformation.

He is also one of the founders and organizers of the ITCamp conference in Romania (itcamp.ro), designed to bring together tens of awesome speakers and hundreds of attendees every year.


Area of Expertise

  • Information & Communications Technology
  • Business & Management


  • Cybersecurity
  • Cloud Strategy
  • Cloud Migration
  • Cloud & DevOps
  • IT Governance
  • IT Risk Management
  • Data Protection
  • Systems & Network Administration
  • GDPR
  • Business Continuity & Disaster Recovery
  • Business Process Optimization
  • Digital Transformation

Tips for finding a Virtual CISO and creating a Cybersecurity Strategy

Cybersecurity is one of the most critical challenges facing organizations today. However, not every organization has the resources or expertise to hire a full-time Chief Information Security Officer (CISO) to oversee its cybersecurity strategy and operations.

A virtual CISO (vCISO) is an alternative solution that provides access to experienced and qualified cybersecurity professionals on demand. A vCISO can help organizations assess their current cybersecurity posture, identify and prioritize risks, develop and implement policies and procedures, train staff, monitor compliance, respond to incidents, and more.

But how do you choose the right vCISO for your organization? And how do you ensure that your vCISO aligns with your business goals and objectives? In this session, you will learn about the best practices of choosing a vCISO and building a coherent cybersecurity strategy that supports your organization's mission and vision. You will also hear from real-world examples of how a vCISOs can help organizations improve their cybersecurity maturity and resilience.

Demystifying Zero Trust

"Never trust, always verify" is the core principle of the Zero Trust Model, a rising trend in the world of IT security. With more and more people working remotely, there's a growing need to adapt to the complexity of the new hybrid workplace and to protect the people, devices, and apps, wherever they're located. However, not all people and organizations are ready for the digital transformation and management complexity that "perimeterless" security might require.

Verifying everything explicitly (users, apps, devices), using a least-privilege access model, defining the proper context for policy compliance and device health, and applying an assume breach approach are all essential parts of the process. Join this session to find out everything about how Zero Trust architectures are designed to work, and how implementing (or not implementing) ZT might impact you and your organization.

Moving to the Cloud - the Good, the Bad and the Ugly

If at first the Cloud was generally looked upon with distrust, the last decade has showed a significant shift in perception, with people becoming more and more familiar with what the Cloud is and what it can do for them.

While many advantages and business benefits of the Cloud have been repeatedly proven, moving to the Cloud brings its own challenges in areas such as IT & Data Governance, Cybersecurity, Change Management, Cost Control & DevOps/ITOps. And, unfortunately, many of those challenges are discovered long after the Cloud adoption is completed, bringing along unplanned effort and costs.

The session will look at the most common obstacles one has to overcome after the decision to move to the Cloud has been made, the reasons as to why (and why NOT) move to the Cloud, the main items to look at and keep track of before and during the move, and of course what happens *after* the move to the Cloud is completed. Real-life examples included.

Governance, Security & Compliance in the Cloud

The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. However, when people talk about moving workloads to the Cloud, most times they just hear the technical mumbo-jumbo - IaaS, PaaS, SaaS, DevOps & automation, containers, and so on.

This session argues we should perhaps sit back for a bit and discuss the need to develop a coherent, long-term Cloud strategy, even before taking the first step towards a Cloud-centric or hybrid approach. In the end, it’s all about looking at the hows and whys of moving to the Cloud, planning a clear roadmap of your migration, and making sure that once you get there, you can sleep better at night knowing you’ve got everything under control.

Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control.

IT security in a post-COVID world

For a long time, IT Security has been a secondary topic for a lot of companies. More often than not, it only came to mind after an actual data breach or security incident, and was often overlooked otherwise. Over the years, things like WannaCry/Petya or GDPR compliance helped raise awareness a little bit, but those soon faded out as well.

However, the new "Low Touch Economy" emerging as a result of the COVID-19 pandemic could provide the jolt that IT Security needed for a long time. With a lot more people working remotely, the need to secure devices (laptops, phones, etc.), communication channels, as well as on-prem & Cloud infrastructure is now higher than ever before.

The global pressure on innovation and developing new business models to adapt to these changes is high. This session aims to address some of the major shifts and impacts of remote work by providing some ways to balance innovation and IT Security, while also touching on some of the ever-growing gaps in security incident detection and response.

You've just been hacked! Now what?

It's a time when assuming your systems and applications are "unhackable" is one of the biggest mistakes you could do. While most people still think that prevention and maintenance remain a top priority in protecting yourself, building a clear process around how you will respond to attacks and data breaches during and after their occurrence is something often overlooked, or simply ignored.

The past few years have brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness.

Do you know how exposed you are when you're connecting to the hotel/restaurant/airport WiFi? Are you aware how fast clicking on a link can become a nightmare? Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.

This session intends to bring the assume breach security posture into the spotlight. We'll be discussing recent trends in cybersecurity attacks (credential reuse, password spraying, insider attacks, 2FA-bypass, etc.) and look at the best ways to build your data breach incident response policy. Demos included.

Modern IT Risk Management

Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.

While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives. With the emergence of the Cloud, IT Risk has suffered yet another radical transformation.

This session focuses on specific plans on how to implement IT Risk Management on every level of your company in a Cloud-enabled world.

Personal Security in a Post-Pandemic Age

Two years of global pandemic have brought along significant changes for people everywhere - starting with more flexible Remote Work policies and the challenges those policies bring along, all the way to new or emerging attack methods, techniques, and tools. Nation-state actors are more prevalent, and with global-scale conflicts slowly moving into the cyberspace field as well, misinformation is everywhere.

The line between personal and business use of devices also gets consistently blurrier, with people connecting to business assets from the comfort of their home or local coffee shop wifi. During these new "post-pandemic normal" times, protecting your sanity, your personal data, as well as your mobile/IoT devices is more important than ever.

Come check out this session if you want to find out more about recent cybersecurity trends & known attacks, as well as methods of protecting yourself and the people around you.

Limitl3ss - IT Summit of Transylvania

March 2023 Târgu-Mureş, Romania

Defcamp 2022

November 2022 Bucharest, Romania

IT Days 2022

November 2022 Cluj-Napoca, Romania

Infosek 2022

September 2022 Nova Gorica, Slovenia

ITDays 2021

November 2021 Cluj-Napoca, Romania

PeakIT 004

October 2021 Braşov, Romania

Techorama 2021 Spring Edition

May 2021 Antwerpen, Belgium

Hek.si 2021

February 2021 Ljubljana, Slovenia

EuropeClouds Summit

October 2020

Collabdays Lisbon 2020

October 2020 Lisbon, Portugal

Cloud & Datacenter Conference Germany 2020

May 2020 Hanau am Main, Germany

Experts Live Europe 2019

November 2019 Prague, Czechia

DefCamp 2019

November 2019 Bucharest, Romania

KulenDayz 2019

September 2019 Osijek, Croatia

Microsoft Inspire 2019

July 2019 Las Vegas, Nevada, United States

ITCamp 2019

June 2019 Cluj-Napoca, Romania

Cloud & Datacenter Conference Germany 2019

May 2019 Hanau am Main, Germany

Hyper-V and Hybrid Cloud Community Day

May 2019 Hanau am Main, Germany

Microsoft MVP Summit 2019

March 2019 Redmond, Washington, United States

Experts Live Europe 2018

October 2018 Prague, Czechia

Microsoft Inspire 2018

July 2018 Las Vegas, Nevada, United States

ITCamp 2018

June 2018 Cluj-Napoca, Romania

Microsoft Cloud & Datacenter Conference Germany 2018

March 2018 Hanau am Main, Germany

Microsoft MVP Summit 2018

March 2018 Redmond, Washington, United States

Defcamp 2017

November 2017 Bucharest, Romania

Experts Live 2017

August 2017 Berlin, Germany

Microsoft Inspire 2017

July 2017 Washington, Washington, D.C., United States

Future Decoded 2016

October 2016 London, United Kingdom

Microsoft Ignite 2016

September 2016 Atlanta, Georgia, United States

Defcamp 2015

November 2015 Bucharest, Romania

Future Decoded 2015

November 2015 London, United Kingdom

Microsoft Ignite 2015

May 2015 Chicago, Illinois, United States

DefCamp 2014

November 2014 Bucharest, Romania

Microsoft TechEd Europe 2014

October 2014 Barcelona, Spain

Microsoft TechEd Europe 2013

June 2013 Madrid, Spain

Tudor Damian

Microsoft Cloud & Datacenter Management MVP, Certified Ethical Hacker

Cluj-Napoca, Romania