About

I am an IT consultant and researcher at ICTI, where we provide information security advice and IT reviews to organizations, helping them achieve ISO 27001 certification. Our work includes research and educational projects; recent efforts involve a journal publication on phishing reporting in organizations [2], an article on AI fairness requirements [3] and in-house articles. I also lecture in the Skills for AI course and supervise CS ‘Business Track’ bachelor projects at Vrije Universiteit Amsterdam, as well as teach in the Introduction to AI summer school at Hogeschool Utrecht.

Previously, I completed my PhD-TA at the Security Cluster of Eindhoven University of Technology under the supervision of dr. Allodi and dr. Zannone.

My research explored the interactions between social engineering attacks and human cognition. Phishing attacks exploiting target-related information can be particularly effective and difficult to counteract, therefore my focus lies on characterizing such threats and defending against them with technological and organizatinoal [1,2] methods.

To enable my research, together with my group, we established a Research as a Service collaboration with the Information Services department at TU/e in terms of:

• University as a lab: periodic, structured experimentation within TU/e
• Synchronization of needs and opportunities: feedback loop between my research group and the IS department

The IS department receives:

• evaluations of organizational resilience (e.g., spear-phishing vulnerability and response effectiveness assessment)
• reports and recommendations (e.g., policy effectiveness, security mitigation strategies, testing new ideas)

We receive:

• access to data and infrastructure for research (e.g., phishing attacks, network traffic)
• support and collaboration for deployments (e.g., experiments, involvement in anti-phishing activities)