Members in the spotlight
Alex Driesen & Sebastien Deleersnyder
Among the member organizations of the CSC, Toreon is an example of an SME achieving world-leading quality through a sharp focus on security in general, and on both threat modeling and OT security (industrial, medical, IoT) in particular.
Being themselves small and flexible, Toreon offers a very pragmatic approach suited to smaller companies.
The Coalition is an association with a large diversity of member organizations. Why in particular is Toreon involved in the activities of the Coalition?
We fully endorse the underlying philosophy of the Coalition: to help build an ecosystem and to grow knowledge in the field of cybersecurity! These aspects are part of Toreon’s DNA, as a company that absorbs, creates and shares knowledge with our customers, partners, academia and public services, also with a societal purpose. Clearly, there are many points of convergence between what the Coalition’s focus groups and we are doing, benefiting a solid exchange of expertise.
Specifically, we were invited to help launch the ICS/OT Security focus group, due to our proven expertise in the field of ICS, medical, utilities and IoT security, both from a technological and organizational point of view. The need for threat modeling in these domains is on the rise, due to stricter regulations, such as in the world of medical devices. Other focus groups we contribute to are the Cloud Security focus group, the Governance, Risk & Compliance focus group and the Enterprise Security Architecture focus group.
Actually, the Coalition isn’t the only organization we share our expertise with. For many years, we’ve been providing training at Black Hat and at O’Reilly events, often leading to ‘in company’ training. OWASP too is a beneficiary, with Toreon donating its ‘threat modeling playbook’ and providing co-leadership in the SAMM (Software Assurance Maturity Model) project, as well as volunteering in the Belgian chapter.
Regarding the third pillar of the Coalition – academia – we have a strong collaboration with HOWEST, offering internships to students, as well as with the KU Leuven, concerning research papers and a focus on SAMM for Small and Medium Businesses (SMBs). Furthermore, we reach students all over Belgium as co-organizer of the Cyber Security Challenge!
Finally, yet another focus group of interest is the Privacy focus group, through our participation in the Data Protection Institute training company, complementing Data Protection Officer courses with security courses.
Toreon is a Small and Medium Enterprise. What is your strength as an SME in the Coalition? And what role can you play for SMBs?
Admittedly, in number of employees, we may be ‘small’ or ‘medium’. But we are a ‘pure player’, with a 100% focus on security and data protection. In fact, we may be as big as many security teams in large companies, with these companies often as our customers. So we are a full player, on par with the best.
For SMBs, we offer the advantage of ourselves being small and flexible, with a very pragmatic approach suited to smaller companies, specifically smaller companies providing critical digital services. Furthermore, last year Toreon was selected to participate in a VLAIO framework contract to design and deliver ‘packaged security’ to SMBs, regarding technology, organization, secure development and awareness.
In short, Toreon can offer both top-notch expertise to global companies, as well as cater for the very specific needs of small and challenging companies. And we are strong in providing cross-practice implementations, up to and including strong testing capacities for applications, APIs, etc. Through our ‘advise, activate, adopt’ approach, we can serve companies with advice, practical implementation and long-term follow-up. Indeed, most customers end up being long-term customers, availing themselves of subscription-type support.
What challenges does Toreon encounter as a company? How do you attract and keep the right people?
You can compare Toreon to a boutique with highly specialized services, and that is attractive to people who want to stay on top of things. At Toreon, you chat with acknowledged gurus at the coffee, while still enjoying the coziness of a small company, and yet working for top customers. That is why we even attract people from large enterprises, rather than lose people to them. We put big names on their resumes, while sparing them the drudgery and politics of these companies. Why be a CISO at one company, when Toreon is offering CISO experience at multiple companies through its ‘CISO as a service’ offering?
We also stress the importance of continuous development of our employees, and invest strongly in this. Toreon being a pure player, our people are exposed to many domains of cybersecurity at a level of expertise not available at every company. People at Toreon share their expertise, both informally as e.g. at pizza sessions and formally on people’s learning paths, or in companywide ‘brainshares’.
Also, Toreon is a company with its roots in Flanders, but with an eye to the rest of the world. Indeed, international companies are known to find us even at our ‘3’-phone number!
For a short and easy introduction to the topic of ‘threat modeling’, read Toreon’s brochure ‘Threat modeling done right’.