Zürich Metropolitan Area
Specialised in product cybersecurity compliance. My primary focus is on the EU Cyber Resilience Act (CRA), the EU Radio Equipment Directive (RED DA), and the UK PSTI. IEC 62443 often serves as a supporting standard for my work. I also provide PKI consulting and design services, and I lecture Network Security at ETH Zürich. During my PhD, I worked on product security and the security of OT networks. Today, I bring the insights from my PhD to my work as a consultant and architect. I put a strong focus on understanding the exact problem and client needs, to then design a tailored but pragmatic solution, thereby maximizing gains while avoiding work that does not bring value to my clients. My background as an electrical engineer helps me interact with both software and hardware teams, thereby allowing me to effectively bridge the gap between C-level, management, and engineers. I work in English, German, and Dutch.
I teach the Network Security course, focusing on the following topics: WebPKI, VPNs, BGP (in)security, and anonymous communication. As this is a master-level course, I put a strong focus on design principles and considerations, rather than on specific protocols. About 320 students attend the course each iteration.
As a member of the CRA Expert Group, I advise DG CONNECT on cybersecurity policy for products with digital elements under the Cyber Resilience Act.
The JTC 13/WG 9 working group is responsible for the horizontal standards that will support the implementation of the CRA.
TC 65X/WG 03 is working to update the IEC 62443 standard series to make it suitable for use under the Cyber Resilience Act (CRA).
ETSI TC Cyber is working on various vertical product standards for the CRA standardization request. My focus within ETSI TC Cyber is on consumer IoT verticals.