2025-06-19 –, Classroom 4 - CLUSIL track
Key success factors in combating cybercrime are well known and primarily focus on exchange of information. However, there remain significant constraints and hesitations that limit the willing of sharing and have yet to be adequately tackled. Explore some cutting-edge solutions and technologies to overcome these obstacles and enhance information sharing for a stronger collective security stance.
Data sharing is notably the most efficient manner to fight cybercrime as it enhances the capabilities of collaborating by sharing Tactics, Techniques, and Procedure used by attackers. However, good practices are often challenging to implement due to hurdles like 1) compliance and regulatory constraints, 2) time constraints for sharing and processing shared information, and 3) perceived lack of value in the information. These barriers hinder the dissemination of crucial information that could improve attack detection and response.
This session will address each of these obstacles by identifying strategies for mutualizing data without revealing the data itself. To do this, I will explain how to remove barriers limiting information sharing by leveraging the data mesh—where the interpretation, rather than the raw data, is shared—and by using advanced technical solutions such as Federated Learning— where only the AI model's parameters are shared instead of the training data—and Fully Homomorphic Encryption—which allows operations on encrypted data without revealing the data itself—. These technologies used within a specific ecosystem will both help bypass regulatory hurdles while strongly elevating the value of data and the competitive advantage against cybercrime by dismantling existing barriers that prevent sharing.
Attendees will be informed how this approach contributes to the compliance with regulatory frameworks like NIS2 and DORA applicable to any corporation doing business with European customers also to gain insights from the success of Luxembourg's first ISAC for the manufacturing industries. The session will also review Luxembourg's National Cybersecurity Strategy, which aims to enhance cybersecurity capabilities by implementing a national network of probes and by introducing sectoral Security Operations Centers. The latter to fortify national defenses against organized attacks targeting economic sectors, critical infrastructures and the society at large.
Attendees will leave this session with a comprehensive understanding of how some advanced technologies can remove barriers to increase the volume and type of shared information while ensuring compliance with regulatory standards that leads to a more secure global community. My goal is to sensitize the audience on how to reduce the usual reluctance when it comes to information sharing by demonstrating how to use processes and technologies at community scale to protect the society at large.
Cédric Mauny is Strategic Advisor, Cybersecurity at Proximus NXT and current President of CLUSIL, the information security club in Luxembourg. With more than 20 years of experience both in Luxembourg and in the cybersecurity (battle)field, Cédric got specialized in management and governance of the information security, standardization, awareness and training but also in technical fields such as security audits or security event management.
Before, holding his current position, Cédric was Head of Cybersecurity Services by leading a team of 23+ pre-sales and technical consultants in Security Operations Center, Ethical Hacking, Governance-Risk-Compliance and Incident Response. Since 2015, Cédric successfully co-led the ISO 27001 certification program of Telindus’ Managed, Outsourcing, Cloud and CyberSecurity services. Cédric is certified CISM, CISSP, CRISC, ITILv3, ISO 27001 Implementer and ISO 31000 Risk Manager. Cédric is also very active within the Luxembourg’s cybersecurity ecosystem as founding member and board member of several professional associations in the field and currently hold the Chair of CLUSIL.
Cédric is also lecturer, speaker and moderator at various security conferences.