Testing of the use of patterns

• Telindus-CSIRT for CyberSecurity Incident Response Team is a private CSIRT, defined, owned and operated by Telindus S.A. Due to its position of national and international cloud service provider and telecom operator, Telindus S.A. setup its own CSIRT for managing and responding to cybersecurity and computer security incidents originating from or targeting its own Autonomous System AS56665 also known as ASN-Telindus-Telecom. Consequently, Telindus S.A.’s customers using associated IP address(es) are all included in the constituency of Telindus-CSIRT.• Telindus-CSIRT is internationally recognized as CSIRT by Trusted-Introducer · Created on 2015, September 22nd · Listed on 2015, October 15th· Accredited on 2016, March 25th • More information on www.telindustelecom.lu/en/csirt/

Formerly known as "Security Audits and Governance Services" ~ SAGS

• Recommendation about the CISO function• Contributor to the 2020' edition of the CISO function from PwC Luxembourg: "Out of the shadows: CISOs in the spotlight!2020 CISO’s role and responsibilities survey" available at https://www.pwc.lu/en/advisory/digital-tech-impact/cyber-security/2020-ciso-role-and-responsibilities-survey.html

• Project Leader for the Benchmark of Information Security Controls (2016)The project was announced during the end-of-year event 2013 of the CLUSIL as upcoming deliverable of the working-group Information Security Management. The main goal was to create a questionnaire of security related controls for the community of information security experts. The project is focused on the Luxembourg information security landscape and aims at assessing questions that are not asked in other benchmarks or surveys.A total of 57 questions have been drafted, some of them may trigger to answer additional questions according to your answers; as such a total of 67 potential questions could be reached. The set of questions is distributed into 14 categories (45 technical questions, generic questions excluded) as depicted in the following tables and figures.This document represents the final version of the questionnaire prepared by the Benchmark Taskforce after several months of meetings, e-mail exchanges, fruitful comments and interesting discussions, as approved by the Board of CLUSIL. • CLUSIL 20th Anniversary· Presentation of the questionnaire for the “Benchmark of Information Security Controls” - Survey of security related controls for the community of information security experts. The project is focused on the Luxembourg information security landscape and aims at assessing questions that are not asked in other benchmarks or surveys. - 14 categories, 57 questions· Moderator of the Information Security Management track of conferences - The demise of information security by Koen Maris, CTO / Cyber Security at ATOS - A cybersecurity approach to protect IT infrastructures by Benoit POLETTI, Director at INCERT - CISO Survey by Rodolphe MANS, President at CPSI - Benchmark of information security controls by Cédric MAUNY, Risk Manager at Telindus· May 2016

• CLUSSIL annual conference 2009WG ISO 27001 : How ISO 27001 can be a support for CISOSpeaker for WG Standards, comparison of ISO 27001 with ISO 20000December 2009• CLUSSIL annual conference 2008GT RSSI : Les progrès sur le métier de RSSI, les domaines, l'organisation, la formationSpeaker for WG Business Continuity ManagementDecember 2008www.clussil.lu• CLUSSIL annual conference 2007Le RSSI protecteur de vos informationsCo-authorDecember 2007

• Planning and organisation of working sessions around the topic of Information Security Management - Mobile Security (3 working sessions in 2012) including a deliverable presented during CLUSIL end of year event 2012 - Incident Management (2 working sessions in 2012) - Status and change in legal, regulatory and standardization context (3 sessions in 2013)• Identification and invitation of key guest speakers for each topic • Co-coordination of work of dozen CLUSIL members for producing deliverables on each topic Deliverable on Mobile Security entitled --How to Use Smartphones and Tablets securely in a Corporate Environment-- • CLUSSIL annual conference 2012Working-group Information Security ManagementSpeaker as co-leader on presenting WG-ISM achievements 2012 outlook 2013December 2012

• CLeS is a global digital community that connects industry experts, specialists and professional talent with companies, organisations, entrepreneurs, start-ups and individuals around the world – to Consult, Learn, and Share.• On-demand expert for #cybersecurity

The ISAC represents the first cybersecurity forum dedicated to the manufacturing industry, launched in collaboration with the Department of the e-commerce and Information Security from the Ministry of the Economy. This one of a kind forum enables companies’ cybersecurity representatives to share information, experience, knowledge and best practices among peers in a climate of trust, with the aim of identifying sector-specific risk scenarios, vulnerabilities and threats to provide companies with concrete guidance in conducting a risk management analysis.This forum follows the principles of an « Information Sharing and Analysis Center » (ISAC) and will meet several times a year. It is moderated by Steve Muller and Cédric Mauny.

• FEDIL-ICT represents the leading players of the Luxembourg Information and Communications Technology sector. It acts as the voice and the principal interest group of the digital technology industry. The member companies range from innovative SMEs to major ICT companies.• Advisor for the « Cybersecurity Assessment Online Tool »

2nd Line of Defense

• Security conference "La sécurité au coeur de l'information" organised by SMILE - Security made in Lëtzebuerg Topic: Des lignes directrices pour la sécurité de l'information Speaker in the frame of the topic "Le vecteur organisationnel : Quand les routines de travail doivent changer pour être plus sécurisées"September 2012• Speaker at ISACA Information Security Day 2012 organised by ISACA LuxembourgTopic: The spy who came in from the cloudGlobal picture on the risks and security measures to protect cloud environments in 20121. Cloud, Security & Virtualization: State of the Art2. Governance, Risk and Compliance within the Cloud3. The Spy who came in 28 days from the Cloud: demonstration of a complete hacking scenario of a Citrix / Virtualised environmentFebruary 2012

• Information security standards (1-day training)• Information security risk management based on ISO/IEC 27005 (1-day training)• Introduction to information security officer / RSSI (4-day training)• Information security - Getting started (2-day training)• Luxembourg information security legal training (1-day training)• Introduction to (ethical) hacking (1-day training)• Ethical hacking explained - Hands on lab (4-day training)Telindus Training Institute has been awarded best IT Training Institute 2007 (ICT Award 2007 Luxembourg - ITOne)

Security Audits and Governance Services (SAGS)• Cybersecurity for CEOs · Advisor for the organisation of the Telindus cybersecurity conference organised at Kneip· 80 guests, 50 attendees (Telindus excluded), 59% of C-Level (23% of CEO and 13% of CIO) · Host for the afternoon, introduction of speakers, timekeeper· Cybersecurity trends (CISCO), Legal risks (EHP), Launch of Telindus’ Security Operations Center (SOC), Ransomware: License to crypt? - Survey of Luxembourg's security awareness· Moderator at the round-table: “How to protect your business in 2016/2017?” With - Gary CYWIE (Counsel at Allen & Overy) - Keith HALE (Co-Chair of Digital/FinTech, Data Management & Security working group at ALFI) - Jean-Paul HENGEN (Head of Sector ICT and ICT Cluster Manager at LuxInnovation) - Philippe ROGGEBAND (Cyber Security Business Development Manager at CISCO)· November 2016• 9th Cybersecurity Breakfast on the topic “Why is security not applied by default? Do security-by-design!”· Advisor for the organisation of the event· Moderator at the round-table on the topic “Why is security not applied by default for every software and for every development?”, with - Anna CURRIDORI, Information Security Manager at Lombard International Assurance S.A. - Gauthier BEFAHY, Business Developper at SCADEMY Secure Coding Academy Ltd. - Dr Tom LECLERC, Senior Security Consultant at Telindus· September 2016

Security Audits and Governance Services (SAGS)

Security Audits and Governance Services (SAGS)

Technology Leader for Security Audits and Governance Services (SAGS) - A Telindus security department• Speaker at Telindus TrendDay 2011Topic: Leadership et Gouvernance, Cap sur la création de valeur For companies, new challenges come with new usage of information. How new needs influence the manner IT services are delivered? How to ensure risks are controlled when most of systems, services and users are not under the direct control of companies anymore? How to map companies’ constraints with security governance?November 2011• Guest speaker at ISACA Luxembourg Annual General Meeting 2011Topic: The Citrix Hangover - Outlook Express very bad tipThis practical presentation describes a very detailed attack scenario targeting a Citrix environment via a published application without any application credentials. Firstly, shortcuts will be created through an unusual way. Furthermore, the close relationship between Internet Explorer and Outlook Express will be abused as stepping stone to finally break into the Citrix environment and threaten the entire internal networkwww.isaca.luApril 2011• Speaker at ISACA Information Security Day 2011 organised by ISACA LuxembourgTopic: How I met your customers... An illustrated story on Data Leakage & eSpi0wnageGlobal picture on information leakage and data leakage prevention in 2011 including three demosThe presentation has been awarded "best presentation" by the visitors of the conferencewww.isaca.luFebruary 2011

• Coordination of work for 30+ experts• Workshop Smart ICT standardization de l’ILNAS- Panelist at the round-table with Mario Wendt (Convener of the JTC 1 Special Working Group on Planning), Volker Jacumeit (Secretary of SWG-P) and Béatrix Barafort (Chairwoman of JTC 1/SC 40 mirror committee on IT Governance)- http://www.portail-qualite.public.lu/fr/actualites/normes-normalisation/2015/workshop-smart-ict-juin-2015/- June 2015• World Standards Day 2015 on the topic "Standards – The World’s Common Language" "Standards: Universal common language of the Information and Communications Technology"- Speaker with a presentation entitled Entschuldigen Sie mich, I did not understand, parlez-vous IT Методы обеспечения защиты?Standards are the world’s common language. As every language, Standards need to be learned and understood before being fluently used in the daily life. This presentation will draw the current landscape of IT Security Techniques standardization. The goal is to simplify your dive into the information and IT security standardization by introducing to you the most recent but also upcoming changes to anticipate and understand new trends in the field. At the end of the presentation, you will be fully aware of what is being ISO/IEC 27017, 27021 or even 27034.- http://www.portail-qualite.public.lu/fr/actualites/normes-normalisation/2015/Retour-sur-la-Journee-Mondiale-de-la-Normalisation-2015-au-Grand-Duche/- October 2015• Des experts luxembourgeois qui font progresser la sécurité de l’information- Depuis plus de 10 ans maintenant, le Luxembourg participe aux travaux de normalisation du comité ISO/IEC JTC 1/SC 27, en charge des techniques de la sécurité de l’information. Il est l’un des plus actifs dans le domaine de la normalisation, avec plus de 150 normes publiées à ce jour et plus de 50 pays impliqués dans leur élaboration.- http://www.itone.lu/article/des-experts-luxembourgeois-qui-font-progresser-la-securite-de-l-information- March 2016

• Coordination of work for 2 experts• Semesterly reporting to ILNAS• Coordination of national vote and comments on risk management International Standards and Technical Reports (ISO 31000, ISO Guide 73, ...)

• Chair of ISO/IEC SC27 Luxembourg - IT Security techniquesCoordination of work for 17 expertsSemesterly reporting to ILNASRepresentation of SC27 to JTC1 Forum in LuxembourgCoordination of national vote and comments on each of the ISO/IEC 27000 series of standards and other supporting standards (network security, information security incident management, business continuity, privacy, ...) and other sector-specific standards (ISMS for financial services)• Conference "TIC & Sécurité de l'information: Etat des lieux normatif national des TIC - Focus sur la sécurité de l’information"Presentation on the current status of the development of standards in the field of Information Security (ISO/IEC JTC1 SC27 IT Security Techniques) to anticipate change and evolution in this field, in particular major change of the key ISO/IEC 27001 and ISO/IEC 27002 standards expected in 2013This presentation has been replayed at CLUSIL Information Security Management WG session of February 2013November 2012• Conference "International Standards – Creating confidence in IT"Round table “IT standardization in Luxembourg” October 2011• Conference on Standardization and Cloud Computing Presentation of the work programme for the ISO/IEC JTC1 SC27 IT Security TechniquesFocus on Cloud Computing Security and PrivacyJune 2011• Guest speaker at CLUSSIL WG ISO 27001Topic: ISO 27000 family of standards : current status, evolution and roadmapApril 2009• ISO/IEC JTC1 Forum at ILNAS representing SC27 LuxembourgPresentation of ISO/IEC JTC1 SC27 - IT Security techniques and standardization work in 2009www.ilnas.public.luDecember 2009

CPSI: Collège des Professionnels de la Sécurité de l'Informationwww.cpsi.lu

CPSI: Collège des Professionnels de la Sécurité de l'Informationwww.cpsi.lu

• Member of the "Commission Technique"• Contributor to the deliverable "24 h ... silence on tourne – épisode 1 : la journée d’un quidam"

Member of OWASP LU ChapterMember ID #020001684

• Lecturer for the "Smart Interactions - Digital Trust" module with a half-day course entitled "ISO SC27 IT Security Techniques: Days of Future Past"• The purpose of this Certificate is to train in a year's time, with one semester of classes plus a semester devoted to an internship, people who want to - further - develop Smart ICT skills and maybe embrace new career opportunities in positions like Digital Strategy Consultant, Smart ICT Consultant, Innovation Manager, Standards Manager, Head of Innovation, Head of Digital Strategy or Entrepreneur (start-up company).

• Founding member and Vice-Chair of ANSILAssociation de Normalisation pour la Société de l'Information du LuxembourgLuxembourgian Information Society Standardization Associationwww.ansil.eu• Speaker for ANSIL at security and standardization conference Liens et synergies dans le paysage normatif ITTopic : Sécurité de l'information/SC27 – travaux normatifs au LuxembourgOctober 2008www.crpht.luNote: ANSIL has been dissolved the 2010, June 11st

• Founding member and General Secretary of ANSIL Association de Normalisation pour la Société de l'Information du LuxembourgLuxembourgian Information Society Standardization Association• Speaker for ANSIL at security conference ISO27001: Assurance, Maîtrise, ConformitéTopic: La normalisation 27001 et au-delà, Quel intérêt pour vous ?February 2008www.securite.tudor.lu

• Benchmark 2007 of Information Security in Banks and Insurance Companies in LuxembourgSecurity publication of the assessment of the security level and compliance with ISO/IEC 27001 and 27002 in banks and insurance companies in Luxembourg in 2007More than 130 financial entities contactedMedia coverage: Paperjam (June 2008), Paperjam TV, ITNews (June 2008), Business Review (May 2008), Soluxions (May 2008)Project leader and authorApril 2008www.telindus.lu

• Conception of QUALITA QUALITA = QUestionnaires for Auditing Logical and technIcal AssetsCentralized knowledge database for security consultants of Telindus GroupBased on technical questionnaires used for performing security audits and vulnerability assessmentDevelopment of technical audit questionnaires for Checkpoint FW-1, Cisco PIX, Microsoft Active Directory, Apache web server, ISO 17799/27002, Websphere application server, Webseal, Windows based systems, Solaris, ...

• Definition of the internal security policy• Setup of monitoring tools• Security advisories on implementation of an internal LDAP directory

• Management of technical infrastructure and security of the ISP and the web hosting service• Web application development