Security & Privacy Officer / Mentor / Author using real cases & solutions to simplify information protection
Marc Vael is a known security and privacy expert from Belgium with 20+ years of experience. He is currently Chief Information Security Officer (CISO) at Esko. Marc has certifications in Infosecurity (CISM/CISSP), IT risk management (CRISC) and is a certified board director (GUBERNA).
Marc is a visiting lecturer at Antwerp Management School, Solvay Brussels School, TIAS Tilburg and KdG Antwerp. Marc was elected Fellow of the Hogeheuvelcollege at KUL in 2012 for his contributions to the IT industry.
Marc is a popular international keynote speaker and panelist who inspires with practical solutions and examples based on his experiences. He can cover security and privacy from the 10,000 feet level down to a step-by-step process. His talks range from a 30-minute inspirational keynote to a full five-day workshop. His engagements have taken him to 20+ countries around the world speaking to 15,000+ people.
Dutch, English, French
Technology, Transformation & Innovation, Business, Strategy and Management
security & privacy compliance, CISO, cybersecurity awareness, Privacy, Hacking, Cybercrime Prevention, Phishing, Security incident handling
Presentations and Topics
Is it safe...to be online today and tomorrow?
The global media attention for cybersecurity incidents has an impact on the role of executive management in information security, much more than most executives are willing to admit. Consumers hold organisations responsible whenever a cybersecurity incident compromises their information, and investors hold organisations responsible because of the financial losses that occur and the devaluation of the organisation on the market.
Can any executive honestly claim cybersecurity is not their responsibility? Unfortunately, still too many executives completely delegate the cybersecurity responsibility to IT since they are convinced it contains too many technical elements.
This presentation explains how to create a secure climate by embracing technology and change. Executives will learn how to view cybersecurity no longer as an IT expense, but as a critical factor for long-term success.
This is done by showing executive management and CIOs the top 3 internal and external threats to cybersecurity, but also the top 3 cyber resilience solutions for organisations today. Expect actual examples, a related movie, but also practical tools and references to help focus on the essentials in cybersecurity.
Handling privacy breaches the smart way
A constantly changing legal and regulatory environment is the “new normal” for privacy. The EU GDPR has had a significant global impact since 2018 and inspired many other countries to renew their data protection regulations. The California Consumer Privacy Act (CCPA) went into effect in 2020. In addition, the global health crisis created concerns around new and emerging uses of personal data such as contact-tracing apps, telemedicine and network thermometers.
As the complexity of privacy regulations increases, so does the responsibility for organizations to manage personal data and ensure their security and privacy teams are aligned to respond to potential privacy breaches. Data breaches are a constant threat for all organizations, and no matter how many policies, strategies or defenses there are, sooner or later a skilled attacker will be able to compromise them.
In this presentation, Marc shows the importance of having a strong privacy practice including having robust policies, processes and tools in place to help manage data privacy and breach notification requirements. Employees should be regularly informed via training about basic privacy practices. HR, legal, compliance, security and IT are some of the teams affected by privacy and need to participate. In short, privacy is a team sport, and so are privacy breaches.
The presentation shows which 5 steps need to be followed when a data breach occurs and mentions 10 appropriate technical and organisational measures to avoid possible data breaches.
How to design rock-solid security
This presentation shows the urgency of adopting a proactive, pragmatic and strategic approach that considers security threats and risks from the start, not as an afterthought, in the design and development of products and services, so as to minimise flaws that could compromise security. This is called the security by design perspective. It can make the difference between those who fail and those who thrive.
Marc addresses security by design and shows its importance in IT development projects because as a system is developed, it becomes harder and more expensive to add security afterwards.
Marc provides a proper explanation of a rock-solid security architecture model with a focus on integration with risk management, IT and business systems. Security by design techniques, benefits, principles and requirements are illustrated with lots of examples focusing on preventing security incidents rather than repairing the issue and restoring systems after a company has been hit by a security incident.
Marc summarizes the responsibilities for the security controls, security configuration, the automation of security baselines, and the end-user audit of security controls for infrastructure, operating systems, services, and applications. Finally, he shows how security by design is all about enabling trust in systems, designs and data so that organizations can take on more risk, lead change and innovate with confidence.
Testimonials & References
"Marc is one of the most inspiring individuals I came across along my career. What's so unique about Marc is this rarity of honesty, top professionalism, sense of humor, humanity, humility, and wisdom. A real Mensch."
Eh'den Biber, former IT Risk & Compliance Officer at Opel Vauxhall Finance UK
"From Pandemic Risk to Information Security, I've attended numerous seminars, training sessions and classes Marc has held. Course content is always of the highest standard. I've called on his professional counsel on behalf of my employer and found the service to be of the same Quality, both Effective and Efficient. Marc is at the top of his profession and I would answer his call anytime."
Michael Sim, former Security Officer at INCERT GIE Luxembourg
"Marc is very dedicated, has lots of energy and enthusiasm to share with his team and to meet his goals. I really enjoyed working together with him and respect him for his expertise and experience in the field of security, business continuity, privacy and risk management. I also had the opportunity to cooperate with him on various management subjects during strategic practice meetings and was always pleased with his market-driven thinking. Marc is simply fantastic in sharing knowledge and his opportunism invigorates others to undertake complex and first-time project experiences. He is also very strong in relationship building and gained a strong reputation as lecturer in the fields of his expertise."
Peter Sarasyn, CEO at Recor Group
"Marc is an excellent communicator, has extraordinary skills, works hard, leads people effectively and builds long-lasting relationships. Hence Marc develops real teaming with both colleagues and clients generating high-class results that bring real value to both clients and company. I am happy and proud having had the opportunity to work with Marc across and despite country organisation borders."
Markus Bittner, Offizier at Bundeswehr Deutschland
"Marc's knowledge of IT, Information Security and IT Management and organisation makes him a reference in the Business and a valued advisor. Marc is also an excellent trainer, facilitator and organiser and a genuinely nice person."
Denis Neuforge, Information Security Consultant at Euroclear