© Mapbox, © OpenStreetMap


Tudor Damian

Tudor Damian

Cloud & Cybersecurity Advisor @ D3 Cyber

Cluj-Napoca, Romania

An IT consultant with more than 20 years of industry experience, Tudor is a Certified Ethical Hacker, and a Microsoft Cloud and Datacenter Management MVP. His commitment to staying at the forefront of technology trends enables him to provide valuable guidance and support to organizations seeking to navigate the ever-changing IT landscape. His passion for sharing knowledge and engaging with the community has made him a regular speaker at local and regional community events, where he aims to provide valuable insights and guidance to professionals and enthusiasts in the IT industry.

In terms of expertise, Cybersecurity Strategy and Cloud Governance both rank highly among Tudor’s core interests, helping organizations develop effective strategies to leverage the power of Cloud computing and secure their operations. He also focuses on IT Governance & Risk Management, Data Protection, Business Process Optimization, and Digital Transformation.


Area of Expertise

  • Information & Communications Technology
  • Business & Management


  • Cybersecurity
  • Cloud Strategy
  • Cloud Migration
  • Cloud & DevOps
  • IT Governance
  • IT Risk Management
  • Data Protection
  • Systems & Network Administration
  • GDPR
  • Business Continuity & Disaster Recovery
  • Business Process Optimization
  • Digital Transformation

Crafting your Cybersecurity Strategy: Tips, Tricks, and Tales from the Trenches

Cybersecurity stands as one of today's top concerns for many organizations. While a lucky few may have the required expertise in-house, many still rely on external specialists to guide their cybersecurity endeavors, a thing which, in turn, tends to provide its own challenges.

Crafting an effective cybersecurity strategy involves assessing the organization's current posture, identifying potential risks, formulating comprehensive policies, ensuring staff are well-trained, responding to incidents, and maintaining adherence to compliance standards, among other tasks.

In this session, participants will delve into the foundational components of a robust cybersecurity strategy aligned with the organization's mission and vision. Through real-world examples, attendees will grasp how such strategies elevate an organization's cybersecurity maturity, improve its security posture, and fortify its resilience against potential threats.

Demystifying Zero Trust

"Never trust, always verify" is the core principle of the Zero Trust Model, a rising trend in the world of IT security. With more and more people working remotely, there's a growing need to adapt to the complexity of the new hybrid workplace and to protect the people, devices, and apps, wherever they're located. However, not all people and organizations are ready for the digital transformation and management complexity that "perimeterless" security might require.

Verifying everything explicitly (users, apps, devices), using a least-privilege access model, defining the proper context for policy compliance and device health, and applying an assume breach approach are all essential parts of the process. Join this session to find out everything about how Zero Trust architectures are designed to work, and how implementing (or not implementing) ZT might impact you and your organization.

Moving to the Cloud - the Good, the Bad and the Ugly

If at first the Cloud was generally looked upon with distrust, the last decade has showed a significant shift in perception, with people becoming more and more familiar with what the Cloud is and what it can do for them.

While many advantages and business benefits of the Cloud have been repeatedly proven, moving to the Cloud brings its own challenges in areas such as IT & Data Governance, Cybersecurity, Change Management, Cost Control & DevOps/ITOps. And, unfortunately, many of those challenges are discovered long after the Cloud adoption is completed, bringing along unplanned effort and costs.

The session will look at the most common obstacles one has to overcome after the decision to move to the Cloud has been made, the reasons as to why (and why NOT) move to the Cloud, the main items to look at and keep track of before and during the move, and of course what happens *after* the move to the Cloud is completed. Real-life examples included.

Governance, Security & Compliance in the Cloud

The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. However, when people talk about moving workloads to the Cloud, most times they just hear the technical mumbo-jumbo - IaaS, PaaS, SaaS, DevOps & automation, containers, and so on.

This session argues we should perhaps sit back for a bit and discuss the need to develop a coherent, long-term Cloud strategy, even before taking the first step towards a Cloud-centric or hybrid approach. In the end, it’s all about looking at the hows and whys of moving to the Cloud, planning a clear roadmap of your migration, and making sure that once you get there, you can sleep better at night knowing you’ve got everything under control.

Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control.

IT security in a post-COVID world

For a long time, IT Security has been a secondary topic for a lot of companies. More often than not, it only came to mind after an actual data breach or security incident, and was often overlooked otherwise. Over the years, things like WannaCry/Petya or GDPR compliance helped raise awareness a little bit, but those soon faded out as well.

However, the new "Low Touch Economy" emerging as a result of the COVID-19 pandemic could provide the jolt that IT Security needed for a long time. With a lot more people working remotely, the need to secure devices (laptops, phones, etc.), communication channels, as well as on-prem & Cloud infrastructure is now higher than ever before.

The global pressure on innovation and developing new business models to adapt to these changes is high. This session aims to address some of the major shifts and impacts of remote work by providing some ways to balance innovation and IT Security, while also touching on some of the ever-growing gaps in security incident detection and response.

You've just been hacked! Now what?

It's a time when assuming your systems and applications are "unhackable" is one of the biggest mistakes you could do. While most people still think that prevention and maintenance remain a top priority in protecting yourself, building a clear process around how you will respond to attacks and data breaches during and after their occurrence is something often overlooked, or simply ignored.

The past few years have brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness.

Do you know how exposed you are when you're connecting to the hotel/restaurant/airport WiFi? Are you aware how fast clicking on a link can become a nightmare? Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.

This session intends to bring the assume breach security posture into the spotlight. We'll be discussing recent trends in cybersecurity attacks (credential reuse, password spraying, insider attacks, 2FA-bypass, etc.) and look at the best ways to build your data breach incident response policy. Demos included.

Modern IT Risk Management

Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.

While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives. With the emergence of the Cloud, IT Risk has suffered yet another radical transformation.

This session focuses on specific plans on how to implement IT Risk Management on every level of your company in a Cloud-enabled world.

Personal Security in a Post-Pandemic Age

Two years of global pandemic have brought along significant changes for people everywhere - starting with more flexible Remote Work policies and the challenges those policies bring along, all the way to new or emerging attack methods, techniques, and tools. Nation-state actors are more prevalent, and with global-scale conflicts slowly moving into the cyberspace field as well, misinformation is everywhere.

The line between personal and business use of devices also gets consistently blurrier, with people connecting to business assets from the comfort of their home or local coffee shop wifi. During these new "post-pandemic normal" times, protecting your sanity, your personal data, as well as your mobile/IoT devices is more important than ever.

Come check out this session if you want to find out more about recent cybersecurity trends & known attacks, as well as methods of protecting yourself and the people around you.

The NIS2 Directive: Europe's Response to Cyber Shenanigans

In a world where cyber threats constantly evolve, staying ahead is not just an option - it's a necessity. The EU's answer to this ever-changing digital landscape is a revamped cybersecurity directive, the NIS2, which might just be the most interesting thing to hit Europe since sliced baguettes. But what does this mean for you?

Join in as we demystify this directive, and see how it's changing the game, what it means for businesses, individuals, and yes, even the humble smart devices in our homes. Walk away with insights that'll make you the star of your next virtual hangout, and have your smart toaster nodding in approval (well, metaphorically).

NDC Security 2024 Upcoming

January 2024 Oslo, Norway

DefCamp 2023 Upcoming

November 2023 Bucharest, Romania

IT Days 2023 Upcoming

November 2023 Cluj-Napoca, Romania

Experts Live Europe 2023

September 2023 Prague, Czechia

The Developers

June 2023 Cluj-Napoca, Romania

Limitl3ss - IT Summit of Transylvania

March 2023 Târgu-Mureş, Romania

Defcamp 2022

November 2022 Bucharest, Romania

IT Days 2022

November 2022 Cluj-Napoca, Romania

Infosek 2022

September 2022 Nova Gorica, Slovenia

IT Days 2021

November 2021 Cluj-Napoca, Romania

DefCamp 2021

November 2021 Bucharest, Romania

PeakIT 004

October 2021 Braşov, Romania

Techorama 2021 Spring Edition

May 2021 Antwerpen, Belgium

Hek.si 2021

February 2021 Ljubljana, Slovenia

EuropeClouds Summit

October 2020

Collabdays Lisbon 2020

October 2020 Lisbon, Portugal

Cloud & Datacenter Conference Germany 2020

May 2020 Hanau am Main, Germany

Experts Live Europe 2019

November 2019 Prague, Czechia

DefCamp 2019

November 2019 Bucharest, Romania

KulenDayz 2019

September 2019 Osijek, Croatia

Microsoft Inspire 2019

July 2019 Las Vegas, Nevada, United States

ITCamp 2019

June 2019 Cluj-Napoca, Romania

Cloud & Datacenter Conference Germany 2019

May 2019 Hanau am Main, Germany

Hyper-V and Hybrid Cloud Community Day

May 2019 Hanau am Main, Germany

Microsoft MVP Summit 2019

March 2019 Redmond, Washington, United States

Experts Live Europe 2018

October 2018 Prague, Czechia

Microsoft Inspire 2018

July 2018 Las Vegas, Nevada, United States

ITCamp 2018

June 2018 Cluj-Napoca, Romania

Microsoft Cloud & Datacenter Conference Germany 2018

March 2018 Hanau am Main, Germany

Microsoft MVP Summit 2018

March 2018 Redmond, Washington, United States

Defcamp 2017

November 2017 Bucharest, Romania

Experts Live 2017

August 2017 Berlin, Germany

Microsoft Inspire 2017

July 2017 Washington, Washington, D.C., United States

Future Decoded 2016

October 2016 London, United Kingdom

Microsoft Ignite 2016

September 2016 Atlanta, Georgia, United States

Defcamp 2015

November 2015 Bucharest, Romania

Future Decoded 2015

November 2015 London, United Kingdom

Microsoft Ignite 2015

May 2015 Chicago, Illinois, United States

DefCamp 2014

November 2014 Bucharest, Romania

Microsoft TechEd Europe 2014

October 2014 Barcelona, Spain

Microsoft TechEd Europe 2013

June 2013 Madrid, Spain

Tudor Damian

Cloud & Cybersecurity Advisor @ D3 Cyber

Cluj-Napoca, Romania