Login to profile

About us

We have been active in the region for many years and support companies and individuals across Europe. We are committed to the EU, and work closely with members here creating a truly global cyber security organisation.

Europe is our first chapter in the region and it is managed by the Europe Council of elected member company representatives. The Chair of the CREST Europe Council,  Rodrigo Marcos Alvarez, sits on our International Council.

We actively encourage the formation of new chapters and councils.

In parallel with our other Regional Councils, the Europe Council’s objectives are to build capability, capacity, consistency and community in the global cyber security industry and to support internationally recognised schemes by working with governments, regulators, buyers and suppliers in the region.

These goals help to enhance cyber resilience, open up markets for our member companies operating in the region and to create opportunities for CREST qualified individuals.

We offer a full range of disciplines in the market:

  • Penetration Testing
  • Incident Response
  • Threat Intelligence
  • Security Operations Centres

Meet the Europe Council

Members of the Europe Council were elected in December 2021.  They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they so wish.  The other half will retire by rotation the following year.

The serving Europe Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Peter Bassill

Hedgehog Security. Vice-Chair of Europe Council

[Portfolio: Incident Response]

With an unwavering commitment to the Information Security realm since 1999 and a comprehensive IT journey dating back to 1996, I bring a distinctive blend of profound technical prowess and strategic business acumen.  My professional journey encompasses a rich history of hands-on experience in information systems operations, network engineering, and information security management.  Notably, my pursuit of excellence has been underscored by a myriad of technical certifications, including the prestigious Certified Information Systems Security Professional (CISSP). Recognized as a community leader in Payment Card Industries Data Security Standards, my dedication to the field was further acknowledged in 2009 when I secured the runner-up position in the SC Magazine’s Information Security Person of the Year.

Currently steering the helm as the CEO of a distinguished Cyber Security firm, I strive to advance technological knowledge and drive positive change not only within my organization but across the broader industry landscape through active participation in governing bodies.  Navigating the complexities of the Cyber Security sector, I foster the development of tomorrow’s leaders and possess a nuanced understanding of emerging technologies’ implications for the broader business environment.

Simon Cecchini

LRQA

[Portfolio: Penetration Testing]

Simon has 13+ years of experience in Cyber Security.  He taught Penetration Testing classes at both BSc and MSc levels. He owns the following certifications: CISSP, CCSP, PMP, SEPP.  Simon completed his BSc in Computer Science in 2019 and his MSc in Computer Security and Systems Forensics in 2011.

His publications include several ethically disclosed zero-day vulnerabilities, CVEs as well as book chapters and scientific papers.  Simon’s passions include martial arts, motors and humans’ behavioural threats studies.

Jon Christiansen

Mandiant

Based in Copenhagen, Denmark, Jay leads the EU/UKI Red Team for Mandiant. His specialist background is in red team engagements, simulated targeted attack scenarios and purple team exercises and he created the technical ransomware assessment and threat-intelligence led methodologies and offerings within Mandiant.

His research is currently focuses on adversarial simulation of FIN/APT groups, ransomware behaviour and strategy, and on building custom payload and C2 tools to match the capabilities of these advanced threat actors. He still leads the large-scale red team engagements for client across all industry verticals and Critical National Infrastructure (CNI) throughout Europe, the Middle East and the US.

Rodrigo Marcos Alvarez

Chair
SECFORCE Ltd

[Portfolio: Cyber Leaders Forum]

Rod is the CEO of SECFORCE Ltd, a penetration testing and red teaming consultancy. Rod also contributes to the security community by leading an OWASP chapter, mainly driven by the goal of increasing security awareness and providing an opportunity for individuals to acquire technical offensive security skills.

With 20 years of experience in offensive security, Rod has a strong technical background. Even though he still enjoys getting involved in the technical aspect of security and getting his hands dirty in “low level” stuff, Rod’s professional goals are around creating a rewarding and inspiring work environment, helping solve customer challenges and make this world a safer place – one IP address at a time.

Iraklis Mathiopoulos

Obrela Security Industries

[Portfolio: SOC]

Iraklis is currently the Chief of Service Delivery for Obrela Security Industries. He is responsible for supporting Obrela’s Resilience Operation Centers that provide Obrela’s MDR service to enterprise organizations across the globe. He has previously held Global Cyber roles in the UK and Greece and specialises in providing assurance across a diverse set of industries and geographies

Pieter Meulenhoff

Resillion

Pieter has two kids and a dog and lives in the Netherlands. He works as an advisor for Resillion, which is a global organisation specialised in security testing and test automation of digital equipment, where he is responsible for QA reviews, interns and training. His expertise is focussed on IT security and quality over a broad spectrum, from embedded systems, to datacenters, applications and software. He is also connected to several applied universities in the Netherlands where he provides courses on the topic of secure programming and IoT device security. While security can be a tough subject, Pieter’s goal is always to share his passion for the security field. At CREST my goal is to help further increase the network of CREST in the European union, especially at educational institutions.

Bruno Morisson

Devoteam Cyber Trust

[Portfolio: Research]

Bruno is a Partner and Director of Penetration Testing Services at Devoteam Cyber Trust, a cyber security consulting company . With more than 21 years in the information security industry, he’s been responsible for managing and delivering penetration testing projects to clients in multiple industries, from retail, to energy, healthcare, finance, and government, to name a few. He’s been actively involved in the security community having founded the Portuguese association for the promotion of information security (AP2SI) and the BSidesLisbon security conference.

Bruno holds an MSc. in Information Security from Royal Holloway, University of London, and several International certifications such as OSCP, GPEN, CISSP-ISSMP, CISA, ISO 27001 Lead Auditor and ITIL.

Steve Purser

CSPRO Services BV,
Co-opted member

Steve Purser is an independent security consultant with over 30 years’ experience.  Between 1985 and 1993 he worked in software development and IT networking. Between 1993 and 2008 he occupied Chief Information Security Officer (CISO) level posts in CETREL, the Banque Générale du Luxembourg and Clearstream Services.

Steve joined the the EU Cybersecurity Agency (ENISA) in 2008 as Head of Operations, a post he held until 2021, where he was responsible for strategy and for execution of the annual work program. He subsequently held the posts of Chief Technology Officer and Policy Advisor to the Executive Director.

Steve has a Batchelor of Science in Chemistry and a doctorate in Chemical Physics. He has been a regular speaker in international conferences for many years and is the author of ‘A Practical Guide to Managing Information Security’ (Artech House, 2004).

Wiebe Ruttenberg

Security Alliance. Co-Opted member

With more than 25 years in public service, Wiebe joined SecAlliance as Director of Strategy, August 2021. Prior to this he worked in senior policy roles at the European Central Bank (ECB), first as Head of the Market Integration Division (2006- 2015) and finally as programme director focusing on technological innovation and cyber resilience across the financial sector (2016-2021).

In his latter position, he chaired the ESCB Task Force on Cyber Resilience Strategy for Financial Market Infrastructures, managed the Secretariat of the Euro Cyber Resilience Board and was member of the European Systemic Cyber Group of the European Systemic Risk Board. The European cyber testing program TIBER-EU and the European Cyber Information and Intelligence Sharing Initiative (CIISI-EU) were developed and rolled-out are under his responsibility. Before joining the ECB in 2006, he worked in senior roles at De Nederlandsche Bank and the Dutch Ministry of Finance.

Adriaan Schuitmaker

Deloitte

[Portfolio: Academia]

Adriaan, with a solid 10-year background in information security, currently serves at Deloitte Netherlands. His role primarily involves conducting technical offensive security assessments such as ethical hacking, penetration testing, and breach and attack simulations. This work contributes to improving the cyber defense of various organizations.

Also involved in vulnerability management projects, Adriaan focuses on the identification and mitigation of security threats. His approach is practical, rooted in his extensive experience and a suite of certifications, including CISSP, OSCP, OSCE, and GXPN.

Working collaboratively with a dedicated team, he balances technical knowledge with a clear understanding of business needs. This balance aids in aligning security measures with organizational goals. Adriaan emphasizes the importance of a well-rounded perspective in information and offensive security, particularly in the context of the current digital landscape.

Olle Segerdahl

F-Secure

Portfolio: Intelligence-Led Testing]

Olle is a veteran within the IT security industry, having devoted himself to both “breaking” and “building” security solutions for over 20 years. Since his appointment as Principal Security Consultant at F-Secure in 2016, he has established a new security consulting practice in Stockholm, Sweden, that has grown into a team of 12 expert consultants serving some of the biggest and most targeted organizations in Sweden.

At F-Secure, Olle is also actively engaged in improving consulting practices and methodologies to provide better assurance for clients in new and more efficient ways. Olle is a regular speaker at information security conferences and is also a co-founder of one of them, the popular SEC-T hacker conference in Stockholm.

Nacho Sorribas

NCC Group

Nacho is currently a Principal Security Consultant on NCC Group, company he joined in 2015 as a consultant with more than 6 years of experience in information security and penetration testing. He has grown at NCC Group until he became Principal Consultant by delivering different kinds of security assessments, from external/internal infrastructures, web applications, cloud, source code review and threat models. He is also part of the Full Spectrum Attack Simulation team within NCC Group where he is acting as an Attack Manager on different kinds of attack simulation assessments.

Nacho has been an IT security enthusiast since he was a child and laid his hands on a Commodore 64, and he has never stopped learning new things since then.   At CREST, Nacho aims to be able to share some of his knowledge, helping to improve certifications and examinations, and contributing to increase CREST presence in the European Union.

Focus Groups

CREST Focus Groups help us to continually monitor best practice in Penetration Testing, Threat Intelligence, Incident Response, Intelligence-Led Testing and SOC. To see the relevant Focus Groups for Europe, please visit our Focus Groups page.