*** Rudrani Djawalapersad – Partner EY (this interview is in English) ***

“There is indeed the threats angle. So those are the ransomware attacks, the supply chain attacks, so anything from an outside-in-perspective. That’s the outside world trying to break into the inside element. It is something where I see a lot of organizations focusing on, but I do believe they should focus more on the inside-out-perspective. How do you make sure, and design your security in such a way, that you are not putting holes or vulnerabilities in your environment to begin with? So you need to understand the threats, but you also need to ensure that in design, you are not creating vulnerabilities. I see a lot of organizations focus on the external world, on threats, and I personally believe much more effort should also be focused on the product, on the services that you deliver, to make sure that they are more secure and that you are not putting vulnerabilities in your ecosystem.”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-rudrani-djwalapersad/

*** Marco Doeland – Head of Policy Safety & Security + CISO Dutch Banking Association (this interview is in English) ***

“The financial ecosystem is changing very rapidly. Startups and new technologies create many new possibilities and with new possibilities comes new risks. With that, the size and the diversity of cyber threats is also rapidly growing every year. For instance, we see the threat of ransomware, we see the threat of nation state attacks and also the threat of effects to and from third parties, which are very actual and also could have a big impact on the Dutch banks. Within that world, both our customers and society demand that banks put a lot of effort in safekeeping their privacy and security. These things combined, along with the increasing regulation on cyber are putting a lot of pressure and heat into the work. As banks alone, we cannot respond to this efficiently, so we really have to work together as a sector to make this happen in the Netherlands. It’s our ambition to become the most digitally resilient financial sector in Europe.”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-marco-doeland/

*** Jacco Jacobs – Head Supervision, the Dutch Central Bank, focusing on IT and operational risks (this interview is in English) ***

“There is never a dull moment in supervision when it comes to addressing cyber risks. For example there is a lot of traction related to policy development. We see this for example in the recent developments around the Digital Operation Resilience Act, DORA in short, which places a strong focus on IT and cyber risks as well – especially when it comes to third parties. Secondly, I like to understand of what goes on at financial institutions when it comes to cyber risk and to mitigate these. We do many inspections at financial institutions, remotely or on site. Through these inspections, we learn together with the financial institution about the cyber risks they are facing, and how these risks can be effectively mitigated in practise. I find this a very interesting dimension of my work. Thirdly, it is not only about policies and inspections, but also about collaboration with the sector and with third parties, for example by sharing information and best practices with each other, and so on. How can we achieve a safer digital world in collaboration with each other?”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-jacco-jacobs/

*** Rob Havermans – Security Manager, ABN AMRO (this interview is in English) ***

“It is a very wide and complex field to work in. There are two parts to that. Content-wise I like the fact that it ranges from very technical aspects across all technologies to more functional challenges, including risk management, governance and reporting. Organizationally, it stretches from the work floor to the executive board, and in my situation including supervisory boards and regulators. It is my job to be able to operate on all those levels. So there many different facets to this line of work, and I see myself as the go-between between the different functions that form a part of the cyber security puzzle. It is a big puzzle and a lot of people struggle to oversee the complete picture of it. That is what I enjoy: trying to make these complex things simple.”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-rob-havermans/

*** James Hughes – Enterprise CTO, Rubrik (this interview is in Dutch) ***

“DORA is niet simpelweg een aanscherping van bestaande veiligheidsregels. Het is een verschuiving van de manier waarop bedrijven risico’s benaderen en hoe ze moeten reageren bij calamiteiten. Het gaat daarbij niet alleen om het detecteren van gevaar en beschermen van data, maar ook om veerkracht en herstel bij incidenten. Bijvoorbeeld na cyberaanvallen, natuurrampen, pandemieën of technische storingen.”
Read the full article: https://www.banken.nl/nieuws/24541/dora-de-basis-voor-een-veerkrachtige-financiele-sector

*** Mimoent Haddouti – Chief Information and Security Officer, Rabobank (this interview is in English) ***

[With regards to the biggest challenges in Cyber Security] “Firstly, it is a central and key element to create and maintain trust for the transition towards a digitized world, in which many things are blurry and challenges and difficulties are hard to understand. This specifically applies to the financial sector, which is built on trust: trust in keeping information, data and our money safe. Secondly, the regulatory pressure continues to build with developments like DORA, KYC, EBA on outsourcing, NIST2 and coming ransomware legislation. This demands new approaches in risk management, including privacy and cyber security. An important skill in this, which is in need of refinement, is balancing cost and return. Lastly, especially in sectors like IT, Cyber Security and Risk Management, there is a shortage of skilled personnel. Nowadays, more effort is required to attract and retain staff in this competitive labour market. And just keeping staff happy is probably not enough, additional solutions like automation and outsourcing will be required too.” 
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-mimoent-haddouti/

*** Floor van Eijk – Chief Information Security Officer, NN Group (this interview is in English) ***

“I would say there are several challenges. One of course, is making sure that we have the right people on board. Retaining and attracting talent with the right mindset to keep up with all the developments, making sure that from a security perspective we also embed this in our engineering journey. Nowadays we’re focusing much more on the digitalization of our business, which requires different skills and a different focus on how we deliver our products and services to our customers. We also need to make sure that security is embedded because if something fails it will harm the trust of our customers – I think everyone will understand – it’s a big deal in financial services. Secondly, since we are a financial services company, we are heavily regulated, of course, which is a good thing. Compliance is required, to evidence and make sure we have the right security measures in place. We need to do the right things to ensure that security is not just a tick in the box for whatever the regulator or the auditor requests.”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-floor-van-eijk/


*** Lokke Moerel – global expert on new technologies and cyber, professor of global technology & law at Tilburg University, a lawyer in the global data privacy & cyber security team of Morrison & Foerster and also member of the Dutch Cyber Security Council (this interview is in English) ***

“To me, it is that cyber security is one of the most multidisciplinary topics you can imagine. There are the hardcore technical security aspects, there is the continuously changing threat environment, there are geo-political dimensions, there is the human factor, the emerging field of cyber risk management and incident preparedness and response. On top of that we now see cyber security law emerging as a standalone field of regulation rather than as part of other laws (like the GDPR, eIDAS, PDS2, ect).”  
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-lokke-moerel/

*** Hans de Vries – MD NCSC (this interview is in English) *** 

“Hans: Currently, we have about 250 to 300, depending on how you count. (…) It’s now been eight years.
Jeroen: Is it very different from eight years ago what you’re doing today?
Hans: Definitely. When we started, it was with about 60 people, and it was a more technical affair than it is currently. Now it is about geopolitics, large impact society panels etc. It is very important for the leaders in the industry, whether they are in finance or not, to understand their role. Previously, it was more an IT thing, but it’s not anymore.”
Read the full interview: https://www.leadersinfinance.nl/pre-event-interview-hans-de-vries/