MF Alliance Interview with Olivier Antoine, POST CyberForce

Olivier, could you kindly introduce yourself?

I was Chief Information Security Officer and Head of the Advisory team at EBRC from 2008 to 2015, since 2015 I have been in charge of the Information Security Management team within the CyberForce department of POST Luxembourg. The ISM team implements, maintains and monitors the Information Security Management System for all POST Luxembourg and POST Telecom entities. In close collaboration with Risk Management, Personal Data Management, Compliance and Legal, the ISM team focuses on information security risks and their governance. In my job, I like the fact that I constantly need to monitor the evolution of the standards, rules and regulations, which apply to our entities. My activities also allow me to share my knowledge of cyber security with POST employees to raise their awareness of information security.

What motivated you to become part of the MF Alliance?

As soon as I arrived at Post, I was put in touch with MindForest and more particularly Benjamin because I was looking for a partnership with a company that would allow me to carry out fun and entertaining awareness activities.  After a few years of collaboration, the idea of a partnership came naturally to us in order to reproduce what we had carried out internally at Post for our respective customers.

Could you explain a bit more about your proposals, CyberForce and the collaboration with MindForest? How did it come to light?  

CyberForce’s offer covers a wide range of services grouped under 5 pillars

  • Offensive Security (penetration tests, Read Team exercises, Forensic activities, …)
  • Advisory Services (Governance, Risks and Compliance, Business Continuity, Cybersecurity advisory and training, …)
  • Professional Security services (installation and managed services on security solutions (FW, IPS, Antimalware, DLP, …)
  • CyberDefence (Security Operations Center and Computer Security Incident Response Team, …)
  • CyberLabs (innovation and research on security solutions, …)

The collaboration with MF makes it possible to add an additional layer to these services to develop a cybersecurity culture:

  • Helping companies to set up their Information Security Management System (ISMS) and related security organization.
  • Helping companies to adopt good information security practices and disseminate them to their employees.
  • Accompanying companies in the changes necessary to implement a cybersecurity culture
  • Creating awareness and understanding about the human factor with regard to cybersecurity and risks due to inattentive behaviour.

 What has been your most fun memory in raising awareness around the topic of Cybersecurity?  Do you perhaps have an anecdote to share with us?

The funniest memory was during an awareness mission for a famous company in the banking sector located in Belgium. In order to make its users aware of physical security, the client asked me to take a secure wheeled bin out of the building without using the access badge that allowed me to open the doors. Strange as it may seem, no one asked why a person in a suit was walking around the building with a secure bin and worse still, as I did not have an access badge, the employees opened the various secure doors of the building for me.

What advice can you give to those who want to dig deeper into setting up a “cyber-secure » environment in their business?

To contact us of course 😊

Joking apart, we must remain reasonable and not have overly ambitious objectives that cannot be met.

Information security and its management as mentioned by the ISO/IEC:27001 standard must be continuously improved.

Why this standard? The standard provides a framework for the implementation of an Information Security Management System (ISMS). It aims to set up a security management system in the company and to ensure its continuous improvement according to the Plan – Do – Check – Act cycle, within a pre-defined perimeter.

The choice of measures and level of security is then made according to the risks identified. Risk-based management requires strong commitment from management: not only to validate these risks, but also to provide the resources – financial, human and technical – needed to implement the action plans.

While many companies around the world already apply this standard, in Europe companies still seem reluctant to adopt ISO 27001 and are even less keen to extend this approach to certification, which is still too often perceived as a long and costly process. However, adopting this approach is the best way to put the whole company on the move towards greater security awareness.

Do you want to learn more about the MF Alliance and all our experts offerings?

Check out the MF Alliance page and contact us today!

Email: info@mindforest.com

Téléphone: +352 43 93 66 67 70