2022: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

European policymakers are increasingly focusing on digital sovereignty. This is due to the growing awareness that the European Union is highly dependent on foreign players for digital services, which makes the EU potentially vulnerable to external influences. Consequently, the EU wants to strengthen its own position and become as self-sufficient as possible in terms of digital technology.  

The war in Ukraine brought geopolitical tensions to a head and caused a clear acceleration in this notion last year. As a result, European institutions are pushing even harder to cut down digital connections with foreign – and therefore potentially unreliable – actors.

Legitimate concerns
  
Applied to the world of digital technology, this tendency is particularly evident in European legislation around data protection, with the General Data Protection Regulation (GDPR) being the best-known example. For European companies however, these regulatory initiatives have major implications. For instance, using cloud technology offered by US-based hyperscalers without concern currently entails a GDPR violation, as these companies are not compliant with the European regulation.

Vincent Dock, Senior Strategy Manager for the B2B market at Proximus: "Whilst concerns about Europe’s own digital and technological sovereignty are certainly valid, they create a lot of confusion. Companies are hesitant to migrate their sensitive data to the cloud as they would be violating GDPR regulations. They want to benefit from the advantages this technology offers but are legally not allowed to take the next step. It is like children looking at the shop window of a sweet shop and not being allowed in."

New business opportunities

This tension became evident in 2020, when the so-called Schrems II ruling was pronounced, stating that companies in breach of GDPR legislation could be effectively fined. At the time, this decision showed how technology has increasingly become a major subject of geopolitical tensions.

For European integrators, this context generates new business opportunities. "At Proximus, we are looking for ways to continue to use the public cloud for our data. As a result, we developed extensive internal expertise around using US cloud providers in a GDPR compliant way. We now want to offer this expertise to our customers and help provide a solution to resolve the dilemma that many European companies face today. Our intention is to market these solutions as of 2023."

Clear negative impact

On the downside, Dock emphasises above all the pernicious repercussions of the current situation. "The general consequence is that companies have chosen to go back to developing in-house solutions for their data, thus stopping the migration movement to the cloud. However, this goes against the global trend, and de facto causes a slowdown in technological growth. This is undeniably harmful for our European economy." 

Moreover, Dock fears that the intensification of geopolitical tensions reduces the chances of an adjustment to the current situation. "While it is absolutely right to put sovereignty at the centre of the political debate, Europe is currently confusing this aspiration with technological sovereignty. The European institutions have already indicated that they are keen to resolve the problem, but we feel that the existing structures will struggle to do so,” he concludes.  

In recent years, the European Union has been trying to strengthen its geopolitical profile. One of the concrete examples is the debate on digital and technological sovereignty, which Ursula Von der Leyen, president of the European Commission defined as “the capability that Europe must have to make its own choices, based on its own values, respecting its own rules, specifically in relation to technology.”

There now is a clear ambition to increase the EU’s autonomy in the field of technology. This is reflected in EU policy documents and strategies, but equally in the policy obligations that the Union imposes on member states and foreign actors, such as the Digital Services Act, the Digital Markets Act, the AI Act, and the Chips Act.

“The choice of the concept of sovereignty in the discourse is remarkable because it is intrinsically linked to a statecraft political imaginary, in which territoriality and national sovereignty matter. This shows that it is considered a crucial politics issue in EU circles,” clarifies Raluca Csernatoni. She is a guest professor at VUB and a fellow at Carnegie Europe, a research institute analysing European foreign and security policies, where she specialises in European security and defence as well as emerging disruptive technologies.

Policy ambitions driven by necessity

Europe’s policy ambitions are largely driven by both geo-economic and geostrategic necessity. For example, in the past two years, the EU has been struggling with a clear shortage of chips. Moreover, it is often difficult for the EU to prevent promising start-ups, especially in the scale-up phase, from being taken over by powerful, non-European players.  

By striving towards strategic autonomy in technology, the EU seeks to boost its international reputation and its industrial competitiveness. It also aims to facilitate strategic cooperation with likeminded states and to strengthen the internal innovation drive among member states. Raluca Csernatoni: “The ultimate goal is to mobilise the agendas of all actors involved. This should lead to an ignition of internal investment, boost cyber resilience across Europe and result in a reduced supply chain vulnerability. If we don't do this, the EU risks losing the technology-digital-innovation game on the world stage.” 

Compliance becomes a complex task

In reality, however, policy actions that contribute to this objective are hard to achieve. After all, Europe's clout as a policymaker is mainly focused on the single market. Therefore, instrumentalising European policies for geopolitical purposes is not easy nor self-evident. The increase in European regulations in the coming years risks leading to a legislative overstretch, making it very complex for member states and other commercial stakeholders to comply with all applicable rules.

Nevertheless, Csernatoni expects European policies to deliver results in the coming years. “I predict that this trend will certainly lead to a further build-up of existing capacity around technology, digital and cyber security issues in the coming years, including at the member state level. This stems from the realisation that the infrastructure of our digital lives needs to be further protected.”

To take this step, intermediate organisations can function as the ‘translators’ of these policies. Raluca Csernatoni sees an increasingly crucial role for the Cyber Security Coalition, for example. “After all, these platforms can explain the need for this transformation and translate it into workable products for the general public. At the end of the day, it is not about theoretical concepts, but also about how our everyday lives are shaped,” Csernatoni concludes.

It is an open door: there is a record shortage on the labour market, and a shortage of cyber security specialists in particular. “For many employers, it is like looking for a needle in a haystack,” says Geert Bussé, Head of NGS Presales EMEA at Westcon-Comstor. “Meanwhile, the dangers are not diminishing. Hackers are getting increasingly creative.” 

Moreover, the situation today looks completely different compared to roughly two years ago. “For years, putting up walls to protect your critical business infrastructure was sufficient. But times have changed. Working remotely, for example, was a game changer: employees suddenly had to gain access to systems and databases from home. This created new vulnerabilities and attack points.”

A more efficient security model

Consequently, a new security model needs to be put in place. “The Zero Trust security model is a direct result of the demise of the network perimeter and is based on the principle of 'never trust, always verify'. This means access is only granted according to the minimum privileges that someone needs to exercise their job. It therefore no longer makes sense to build one shield, since applications are scattered anyway. Zero Trust is based on dynamic and granular access control of users, systems, and applications wherever they may be, independent of the underlying network infrastructure.” 

Rolling out such a new architecture does not happen overnight. “For companies, it means that they have to completely rethink their security mechanisms, while observing a number of basic principles. Everything starts with the identification of the user and the device that they connect with. In addition, the context must be taken into consideration and the role of each user must be clearly defined. And finally, the risk profile of each user must be mapped out.” 

Nothing but benefits 

With all these efforts, companies can significantly reduce their exposure to attacks. This benefits not only the company itself, but also its customers. “After all, they connect to a more secure organisation, which reduces the risk of malware infections or data loss for themselves as well,” continues Geert Bussé. “The Zero Trust principles should be integrated in every digital transformation process. It may not look that simple at first sight. But by opting for solutions that have been developed based on the Zero Trust concept and by sharing our experiences with this model, we can speed up the entire process.” 

In December 2022, a collective called Play hacked the servers of Digipolis, the IT partner of the City of Antwerp. Local authorities were given a week to pay a ransom, but in the meantime, services fell apart. How the hackers proceeded in this case is still under investigation, but there is no doubt that the damage has been extensive, and that the city suffered a loss of reputation. 

A multi-layered security approach 

Ine Segers, Director of Cyber Trust at Devoteam Belgium: “Many organisations such as Digipolis and the City of Antwerp have invested heavily in digitisation in recent years. As a result, the risk landscape changed. So, as an organisation, you have to ensure that your security evolves along with it. After all, hackers will always find new loopholes to force an entry. This sad incident also clearly demonstrates that we need a worst-case scenario where we don't trust anyone and verify users' identities at all times. This principle is called Zero Trust, a model where security is no longer assured at network level, but a multi-layered approach is used.” 

The current situation requires this innovative approach. “Since the corona pandemic, we increasingly work from different places and often in the cloud. So, security has to be tackled at other levels than before. The starting point is a verification of the user’s identity and location, as well as the network. In addition, it is important to clearly map out resources and create an adaptable access policy, yet without compromising the user experience.” 

A flexible framework is needed 

In addition to identity verification and an adaptable access policy, incident detection and data encryption are also important pillars of a modern security architecture. “Actually, as a company you have to continuously perform a risk analysis and ensure that your cyber security is up to date. Anyone who does that will sooner or later reap the benefits. After all, cyber security can also be a business enabler. A company that can demonstrate that it adheres to the principles of Zero Trust exudes self-awareness and confidence. We see that customers are increasingly attaching importance to that.”

Fortunately, many companies today realize that these principles are valuable. But setting up cyber security according to the Zero Trust model requires a transformation. “Best practices can help to develop a feasible strategy. And an organisation such as the Cyber Security Coalition, that connects companies, can certainly play a role in this. For example, we could create a framework in which Zero Trust is approached practically. In the coming years, I want to put my shoulders to the wheel for this,” concludes Ine Segers. 

By spring 2023, the CCB should count 120 employees: 60 more than a year ago. Phédra Clouner, Deputy Director, explains “We are fully engaged in the implementation of the European Cybersecurity Act. It introduces a cyber security certification framework for ICT products, services and processes for the whole EU. Each member state must appoint a National Cybersecurity Certification Authority (NCCA) for this purpose. In Belgium, that task has been assigned to the CCB. This move will entail extra work, hence the significant recruitment.” 

A lever for internationalisation 

The certification body has a double mission: firstly, it will represent Belgium and Belgian interests at the European level, including in determining the schemes that will be used for cyber security certification. “The concrete elaboration of the Cybersecurity Act has yet to take shape. We already know that there will be three levels of certification: ‘basic’, ‘substantial’ and ‘high’. As NCCA, we will issue the certificates for the highest level, and will also be responsible for monitoring this European certification in Belgium.” 

According to Clouner, the importance of European cyber security certification cannot be underestimated: “We will finally have a uniform system to compare the cyber security of IT products, services and processes. For companies, it means only going through certification once for the entire EU. This can become an important lever for the internationalisation of Belgian companies. Moreover, our ambition is to become one of the European countries that is least vulnerable to cyber threats. The more we can certify at a high level, the more this will contribute to cyber security.” 

Many regulations in progress 

In addition, the CCB remains the national coordinating body for cyber security. “There are many European regulations coming up or being implemented. To give one example, the NIS2 directive, which aims at enhancing and monitoring the cyber security of critical sectors,” says Clouner. “By 2024, digital service providers and new sectors including the public sector, postal services, chemicals and manufacturing will also have to comply with new requirements. This is a whole new security framework that we are preparing.” 

At the same time, the European Union is increasing investments in research and development, and in innovation in the field of cyber security. The European Cybersecurity Competence Centre (ECCC) was set up for this purpose. “The aim is to pool and better coordinate research, technology and industrial development investments in the field of cyber security in the Union, across the borders of civilian and defence organisations. The ECCC will also manage financial support from, in particular, the Horizon 2020 and the Digital Europe Programme. Our role is to be the national hub and support this competence centre and coordinate investments from the EU programmes in Belgium,” Clouner explains. 

New initiatives for 2023 

In order to offer Belgian projects a greater chance of European financial support, the CCB will set up the Belgian Strategic Advisory Group in 2023. “We will gather representatives from the Belgian cyber ecosystem around the table: representatives of government services, academia, and stakeholder organisations. In this way, we will get a good view of what is happening in the field, and we can better inform the community, through all of the partners, about investments the EU can potentially support.” 

Another priority for 2023 is to further increase the cyber resilience of the Belgian economy. “We will fully focus on raising awareness and cyber resilience among companies, through the portal  'safeonweb@work' and a campaign, which will also run on television. We will develop tools to help companies evaluate their cyber security maturity and identify their vulnerabilities, and direct them to specialised advice, for example. Finally, we are working on a quality label for websites, which will allow users to easily see whether the site they are visiting is sufficiently secured,” concludes Clouner. 

“Looking at 2022 through a legal lens, you can only conclude that this was the year in which major steps were taken in terms of more cyber security and hygiene,” opens Thomas Declerck, Senior Associate at law firm Allen & Overy and specialised in cyber security. “The EU has clearly strengthened its position as a global leader in cyber security this year.” 

The movement towards more European regulation on cyber security has been going on for several years. “For example, the new Network and Information directive NIS2, which was adopted in 2022, builds on the first NIS, adopted in 2016. For a number of sectors, it determines which cyber security measures must be taken and can therefore be legally enforced.” 

NIS2 expands the number of sectors covered by this scheme, while also tightening the obligations. “To give just one example: it has been established that the entire management team of a company - and not just the CISO - needs to be concretely involved in managing the risks and complete additional training on cyber threats. The regulation makes a real effort to build cyber governance reflexes. It should no longer be a mere IT issue,” says Declerck. 

Start of a new cycle 

In addition to the further expansion of existing regulations, the EU also launched many new initiatives in 2022, such as the Cyber Resilience Act (CRA). “This is a proposal of a series of mandatory conditions for digital products, which producers must meet to be granted the right to sell on the European market. Products that meet these cyber security requirements will receive the well-known CE label.” 

Similar initiatives were also taken with the Artificial Intelligence (AI) Act and the AI Liability Act, which should lead to clear rules on the use of AI, a technology that is inextricably linked to cyber security. Unlike the NIS2, which has now entered the phase of implementation at a national level, these are all legislative initiatives that are just getting started. 

“We have clearly started a new cycle of regulation in Europe,” Thomas Declerck adds, also emphasizing that sufficient time should be allowed for the implementation phase. “If you start adding new rules too quickly, it will create too much bureaucratic burden for companies. To some extent this is inevitable, but if rules are perceived as just a bureaucratic obligation, they are de facto missing their purpose.” 

National level remains essential 

However, if the further roll-out and implementation of these rules happen at the right speed, this could turn into a competitive advantage for European companies and organisations. “Many of them already start realising that cyber security can grow to be a USP for many sectors,” Declerck has noticed. 

The implementation of these rules is done at the national level. For Thomas Declerck, this also shows why – despite the obvious Europeanisation of the regulatory framework for cyber security – national actors still have a crucial role. Moreover, he also sees many reasons for optimism: “Belgium has taken important steps in recent years. This is not least to the credit of the Centre for Cyber Security Belgium and organisations such as the Cyber Security Coalition, who create a forum for discussion and knowledge sharing,” he concludes.  

On 13 May 2022, CyberWal (short for ‘Cyber Security for Wallonia’) was officially launched as a strategic initiative of the Walloon Region. Since this day, all actors working on cyber security within Wallonia are assembled under the umbrella of this consortium. CyberWal is the brainchild of Professor Axel Legay (UCLouvain) and should be seen as a real game-changer in the Belgian cyber security landscape, combining education, research, and innovation projects. 

The Galaxia business park in Redu, in the province of Luxembourg, was chosen as the base of operations for this consortium. "Above all, we should welcome this necessary initiative,” says Georges Cottin, Deputy General Manager of the Group IDELUX, the province’s agency for sustainable economic development. "Getting this chance to establish and, above all, develop a fully-fledged ecosystem is an exceptional opportunity for the region and for our country." 

European Cyber Security Centre of Excellence 

The ecosystem also emerged thanks to the federal government's efforts, as it is inextricably linked to the decision to house one of the European Space Agency's (ESA) operational centres in Wallonia. “The ESA is setting up a Cyber Security Operations Centre at its site in Redu, where the European Space Security and Education Centre (ESEC) is located. This illustrates the key role of the ESEC in terms of cyber security in Europe, which was reconfirmed by the 22 Member States of the ESA in November 2022,” Georges Cottin explains.  

These initiatives should eventually lead to the official inauguration of the European Cyber Security Centre of Excellence by the end of 2023. The 3,300 m2 state-of-the-art infrastructure, provided by RHEA Group, an international group in engineering consultancy, will welcome a vast group of cyber security professionals. This concentration of knowledge and actors thus provides the perfect context for the expansion of CyberWal. “All this will eventually lead to a true Belgian space and cyber valley with European ambitions,” Georges Cottin said.  

International visibility 

Georges Cottin also highlights the role of the Walloon government in the development of this site and the accompanying ecosystem around cyber security. “Thanks to funding from the regional economic recovery plan, and the support we received from Minister of Economy and Digitalisation Willy Borsus, today we possess a quantum cyber security demonstration model and a cyber range, which will be used for training and testing. The infrastructure is at the disposal of both our universities, research centres, and companies.”  

This focus on training will become one of the spearheads of this newly established ecosystem in future. In December 2022, for example, a training week on cyber security was organised. This initiative brought together seventy students from Belgium and the Grand Duchy of Luxembourg and will continue over the next two years. “This contributes directly to CyberWal's higher goal of building bridges between the needs of institutions and companies on the one hand and the academic and research world on the other,” Cottin clarifies.  

CyberWal’s clear objective should eventually lead to increased, international visibility of the region, and by extension of Belgium, in the field of cyber security. “The ecosystem allows us to go beyond the borders of our own region. At a time when Europe, in terms of cyber security, is increasingly federalising, this is a crucial development,” concludes professor and CyberWal inspiration Axel Legay.  

The ongoing development of Industry 4.0 is causing a true transformation of business. Sensor technology, Internet of Things, automation, and Machine-to-Machine communication are being implemented in more and more so-called ‘Factories of the Future.’ With booming digitisation and connectivity, new opportunities are being created at a record pace. However, this trend undeniably increases the complexity of technological development and the need for cyber security measures.  

Advanced manufacturing and digital transformation are a focal point for Sirris, the collective centre of the Belgian technological industry. “Our goal is to help companies realise their innovations and reap the benefits of technology. By building bridges between industrial players and technological innovations, we facilitate progress,” explains Tatiana Galibus, Cyber Security Ambassador at Sirris.  

In reality, this support very often comes down to guidance around the development and implementation of cyber security in an OT environment. For example, Sirris organises several masterclasses for companies from all possible sectors and of all scales. These courses are deliberately hands-on and focus on the specific questions presented by the companies themselves.  

“This helps participants to take steps forward quicker,” Galibus notices. Moreover, the results in the field prove that this approach pays off. “For example, one of the companies that we worked with this year discovered during the training programme that they were under attack. It’s hard to imagine a better proof of relevance.”  

Increased maturity  

For Tatiana Galibus, this illustrates the broader movement of increased maturity regarding cyber security in the Belgian industry. “As a result of increased awareness, companies have become smarter in dealing with the threats and resources present, so the trend is clearly positive. I would say that a year ago, it was still very different: you could feel a clear lack of maturity in the field. Thanks to the Cyber Security Coalition, more companies also find the way to Sirris for a masterclass or an innovation project.”  

Contributing to over 1,300 innovation projects a year, Sirris is evolving with its partners in the field of cyber security as well. “By working closely with our industry partners, we better understand how they operate and what their issues are,” Galibus says. “I often work with engineers today, searching ways to further secure their machines and the operational technologies used. This knowledge sharing is very valuable and relevant.” 

Consequently, Sirris expects a further acceleration of cyber security awareness and developments in the field of OT in the coming year. “2022 was the breakthrough year for us. As a result of the increased maturity level in cyber security, companies are looking more for support and are contacting us faster. This helps us to increase the level of cyber security in the industry even more. A clear example of this is the energy sector, with which we have been working closely to facilitate their gigantic transition movement,” Tatiana Galibus concludes. 

“The fact that even the City of Antwerp is anything but infallible shows that safeguards in all layers of the system are crucial,” clarifies privacy expert Bavo Van den Heuvel. He is co-founder of Cranium, an international consultancy firm that provides advice on privacy, data protection and security. 

Van den Heuvel links this reality to the still-palpable fallacies regarding data protection. “It remains too often an afterthought, something people think about after they have built a system. However, we always advocate involving security from the beginning. It is the only way to - hopefully - arrive at an inherently secure system.” 

Lots of promising innovations 

Yet Van den Heuvel stresses that there is also a lot of promising innovation in the pipeline within the privacy field . “Every hacking is actually a learning moment for us as security professionals. So, in practice, hacking is more valuable than any cyber security marketing campaign.” 
One such technology generating high expectations is differential privacy. Simply said, this technology adds noise to the given source data, making identification (especially for players with bad intentions) more complex. 

The use of synthetic data is also gaining importance. “This is data generated specifically to be used during the testing phase of new systems; it is very similar to the real data. Because security in this phase is much lower than in production environments, it is risky business to begin with using all your real data,” Van den Heuvel explains.  

Context calls for greater efforts  

These kinds of innovations are not only necessary in the constant race against hackers, they are also a crucial by-product of the many initiatives being launched - certainly at the European level - to further facilitate the international exchange of data.  

“I am referring, for example, to the European Identity Wallet, which should eventually enable European citizens to identify themselves digitally anywhere in Europe. While it will enable a further opening of the market, in terms of security it is far from straightforward. This is because the regulations surrounding identity cards differ from country to country, and are therefore not exactly the same from a security perspective,” Van den Heuvel clarifies.   

‘Spotify for data’  

Plenty of evolutions can also be noted at the Belgian level. “This can certainly be linked to the efforts of the Cyber Security Coalition, which ensures an open communication culture where everyone can share their concerns.”  
A clear example is the creation of the Flemish Data Utility Company, explains Van den Heuvel. “The idea behind it is that citizens themselves will be able to exchange their data in a secure way with certain authorities or organisations. Think, for example, of an energy provider, to whom you will give access to a specific part of data from your personal data vault, enabling them to work out a personalised proposal for you that takes into account much more data than ever before.”

This kind of evolution can trigger a broader mindshift around data sharing, according to Van den Heuvel. “You get into a logic of buying and selling: a very valuable trend because it makes trying to obtain data illegally much less interesting. It amounts to the creation of a kind of Spotify model for data, and we know that this model has pretty much ruled out illegal music downloading,” he concludes.  

(photo: Iris Walravens)
 

In 2016, Nina Olesen started working at the European Cyber Security Organisation (ESCO), based in Brussels. Today, the organisation’s work is spread across six working groups that support all types of projects for developing, promoting and encouraging European cyber security. “I am coordinating the working group on education, training, awareness and skills. This is where the idea of Women4Cyber originated,” explains Nina, now Head of Sector at ECSO & Supervisor at the Women4Cyber Foundation. 

Kiki Walravens coordinates the Belgian chapter of Women4Cyber, established in 2022. “The common thread throughout my career has always been tech. I joined the Vice President of the GSM Association’s Brussels office at the founding meeting of Women4Cyber. Due the pandemic, I had to say goodbye to the Association after 18 years, and I took the opportunity to reorient myself, focussing on cyber security. I was lucky that Elke Kraemer from Clusity, which gives a platform to women in tech, took me under her wings and flagged the creation of the Belgian chapter,” Kiki explains. 

Need for education 

Studies have shown that the sector is going to need more and different types of experts as the field of cyber security grows and our society’s digital transformation accelerates. Nina Olesen: “We not only need technical people, but also non-technical people with different backgrounds. Because of the low rate of women working in cyber, we did a mapping of existing training and skills initiatives. We found out there were nearly no initiatives dedicated specifically to European women in cyber security. Therefore, ESCO established Women4Cyber in 2019, with the support of 35 founding, high-level women in the cyber security field in Europe.” 

Thanks to ESCO, Women4Cyber has a strong link with Europe, but to extend its reach, the foundation set up a framework of national chapters, beginning in Spain. “This enables a much bigger impact. We are proud that we now have 16 national chapters, including Belgium.” 

The main goals of Women4Cyber are to raise awareness, create role-model campaigns, and offer mentorships. “We have over 300 active mentors and mentees, both male and female. Our goal has never been to tip the scales the other way, so we’re open to women and men,” Nina clarifies. Thanks to sponsorships and donations, the foundation was able to invest in a mentorship platform and a one-stop-shop online platform for trainings, the Women4Cyber Academy (www.women4cyberacademy.eu), which lists the current opportunities in Europe for improving or learning cyber skills. “In 2023, we wish to build a European-designated platform for cyber security jobs, so stay tuned!” 

Building (Belgian) bridges 

Kiki came from an international background, and found it surprising to experience how vibrant the Belgian landscape is. “I volunteered to coordinate the Belgian chapter. In September 2022, the chapter and its plans were approved by the European Women4Cyber Foundation. In the meantime, eight workstreams have been set up, a social media strategy is being developed, and we are preparing a structured campaign and an event for International Women’s Day on March 8, 2023,” Kiki continues. 

At the Belgian Women4Cyber chapter, Kiki appreciates the opportunity to learn more cyber skills, stay active, position herself in the industry, and get a good picture of the different jobs in cyber. “I recently attended a course at CyberWayFinder, where I made a lot of new contacts. That made me realise that I’m interested in a job where stakeholder relations, cyber awareness and communication are important, to build bridges in the cyber security world,” Kiki says. “I would love to spread the message that it is never too late to give your career a new direction. Educational initiatives are not only for younger people, but for anyone who is interested.” 

Karin Hanselaer can look back on a long career in the banking sector. As her children grew up, she took Italian lessons, learnt to make jewellery, and always kept herself busy with something creative. “I got a lot of satisfaction from those hobbies, from my family, and from my job, but professionally I no longer felt challenged. Until Patrick Wheeler suggested I take a course in cyber security.” 

Patrick Wheeler founded CyberWayFinder together with Rosanna Kurrer in 2017, with the aim of employing more women in the cyber security world. “Initially, I was very hesitant. I was over the age of 50 and knew nothing about cyber security,” Karin says. After consulting her family, she began CyberWayFinder's pilot year, together with 23 other women.  

During the three-year course, the students attended six hours of classes a week, over two teaching days. “During the ‘bootcamp’ (the course kick-off), I learnt about cryptography for the first time. Clarence Pinto explained how the Nazis' Enigma machine worked. I have a degree in mathematics, so I was immediately sold. I knew then that cryptography would become my speciality.” 

All-in-one package 

Each year, CyberWayFinder students take one exam, covering SSCP, CCSK and CISSP in turn. “We not only acquired theoretical knowledge about cyber security, we also brushed up our soft skills,” Karin Hanselaer says. During the programme, a mentor follows up the student’s career. Karin, for instance, was supported by Philippe Fransolet, cryptography architect at BNP Paribas Fortis. He helped her get a position in the Key & Certificate management team in October 2018. “I had the theoretical knowledge, but no practical experience. Thanks to my history at the bank, though, I was productive within three months. In fact, I obtained my last certifications while I was already in my new position.” 

Without a nudge in the right direction, Karin would never have started down this track. “I didn't know it existed. Now, fortunately, there is more communication around CyberWayFinder. I would really recommend it. It takes a lot of energy to step out of your comfort zone and start something you know nothing about, but it is immensely enriching,” Karin testifies. “My family is proud that I graduated, and so am I!"  

Safety net  

Everyone in the industry is helping to promote the initiative. The result is an incredibly large network and safety net. “CyberWayFinder organises events that I still try to attend as much as possible. I reconnect with both lecturers and former colleagues who studied with me. I am very grateful to Patrick and Rosanna for the opportunities they have given me,” Karin concludes. “Partly because of her role in this programme, Rosanna has become Cyber Security Personality of the Year 2021. This recognition is well deserved, in my opinion!” 
Meanwhile, the programme has been adapted into six-month modules, and has been expanded to include male students. You can find more info at www.cyberwayfinder.com.  

Saskia Van Uffelen has had a long career in IT, with multinationals such as Ericsson and Inetum. Today she focuses, amongst others, on her assignment as an ambassador for digitisation. For example, she is digital manager at technology federation Agoria, the organisation that also set up the research group ‘Be The Change’, in 2018. 

“By conducting research on the evolution of the Belgian labour market, in particular the increasing labour shortage due to the lack of digital competences, we want to convince policy makers, the educational field, and other sectors and companies that training should be our top priority,” says Van Uffelen. Analyses show that by 2030 more than 500,000 jobs will not be filled due to a lack of talent. 

“In order to make people available for these vacancies, we will have to automate as many processes as possible. However, it is important to stress that for every job that disappears due to automation, 2.7 new jobs are created. This is good news, but completely different competencies are needed for those new jobs.” 

Digital inclusion 

In another striking figure, 46% of working Belgians run the risk of being excluded in a digital world. Van Uffelen explains, “This is partly due to the fact that they have too few digital skills, are not familiar with the digital applications, or cannot afford digital products due to high energy costs, for example.”
 
This observation led to the creation of DigitALL, the Digital Inclusion Charter, whose signatories explicitly commit themselves to taking action and creating awareness. “By drawing attention to the offer and supporting initiatives together, we want to help solve the training problem and close the knowledge gap. Numerous initiatives already existed, aimed at all sectors, genders, knowledge levels, etc. But we assembled them within one ecosystem. The Cyber Security Coalition is also part of this.” 

Connecting the dots 

DigiSkillsBelgium.be is the Belgian platform that brings together all digital skills training initiatives. “Initiators can make contact, inspire each other, expand an initiative to a new location, and so on,” explains Van Uffelen. The website currently includes more than 1000 initiatives from 500 different parties. When it became clear that the parties involved in the existing initiatives did not know each other, and that citizens might not be able to get in touch with them, Saskia, as National Coalition Lead for Digital Skills, contacted the European DG Connect. This prompted the development of a 'Digital skills and jobs' platform for Europe and locally in Belgium. 

“DigiSkillsBelgium.be is one of the components of a complete ecosystem in which we want to connect all digital initiatives from the Be The Change research group, to ensure that we sharpen digital skills faster and help to fill jobs, rather than waiting on the regular education system”, says Van Uffelen. 

Long live learning! 

The initiatives in the ecosystem are still in their infancy, partly because society still has to evolve. “We need a different culture: learning is a continuous process that helps us move forward. Lifelong learning sounds too negative to me, like a punishment. 'Long live learning!' is more appropriate and motivates to keep learning, at any age.” 

“With DigiSkillsBelgium.be, we have already brought together all the initiatives regarding digital skills training. Now we have to raise awareness, make citizens aware of what is on offer and of the platform, and get the financial support to make the initiatives bigger. This is the only way we will reap the benefits of the great work that has been done so far,” concludes Saskia Van Uffelen.