A Comprehensive Cybersecurity Approach Built Around Six Pillars
At a time when half of SMEs could face a cyberattack in the coming years, it is becoming essential to combine protection, risk culture, and a cross-functional approach to ensure effective security. For Olivier Trientz, “it is no longer just about protecting, but about preparing, understanding what truly matters to the business, and developing a global and coherent posture.”
Today, no organization is immune to a security incident. Faced with the growing number of threats—phishing, ransomware, data exfiltration—companies must learn to identify what is truly vital to their operations. It is estimated that in the coming years, one in two SMEs will experience a cyberattack. How can they prevent it?
“Protection is now one of the pillars of a comprehensive cybersecurity approach. But first, you need to know what is essential to protect—what is truly critical to the business,” explains Olivier Trientz. “When ransomware paralyzes systems, management often prioritizes restoring accounting or finance. In reality, business priorities may lie elsewhere. For example, restoring a simple printing system can sometimes accelerate business recovery.”
Assessing Risk Beyond Compliance
From one company to another, critical functions vary depending on the sector and services provided.
“The first step in implementing a comprehensive cybersecurity approach is therefore to analyze risks: understanding assets, vulnerabilities, potential threats, their likelihood, and their impact,” continues the expert. “100% security does not exist. You cannot cover everything due to limited resources. You must choose your battles and allocate budgets based on real risk.”
While this risk-based approach is now required by frameworks such as DORA or NIS2, it goes beyond compliance alone. “You don’t wear a seatbelt to avoid a fine, but to protect your child,” adds Olivier Trientz. “It’s the same with cybersecurity. Compliance should be a consequence, not the driver.”
Six Pillars for a Holistic Approach
Proximus NXT has structured its approach around six complementary pillars covering the entire security lifecycle: prevention, defense, detection, response, proactivity, and offensive security.
- Prevention (Governance Pillar)
The foundation of any approach. It includes risk analysis, security policies, and awareness.
“This is where the rules of the game are defined. Governance, risk, and compliance (GRC) set the direction. Awareness is about people—training, explaining, and building vigilance,” says Olivier Trientz.
A single click on a malicious link is still responsible for over 90% of attacks.
- Defense
The concrete implementation of protections: firewalls, email filtering, web gateways, WAF, etc.
“But not everything should be protected in the same way. Investment must focus on what is critical for the business.”
- Detection
A key foundation to reduce the time between intrusion and response.
“On average, it still takes 250 days to detect an attack,” he notes.
SOCs and EDR/MDR solutions, once reserved for large enterprises, are now becoming accessible to SMEs.
- Response
Covers crisis management and forensics.
“When an attack occurs, you must be able to contain, investigate, and recover.”
This relies on 24/7 support and expert intervention capabilities.
- Offensive Security
Testing resilience through pentesting, vulnerability scanning, Red Team and Purple Team exercises.
“You need to challenge both defenses and detection capabilities.”
- Proactivity
Anticipating threats through dark web monitoring, threat intelligence, and detection of fraudulent domains or data leaks.
“Organizations must develop the ability to detect weak signals early and neutralize threats before incidents occur.”
Toward Cross-Functional Approaches
For Olivier Trientz, one of the main barriers to effective security is organizational silos.
“In many companies, infrastructure teams only talk to infrastructure, business teams don’t interact with IT, and security remains the ‘ugly duckling.’ Too often, security is considered only after development is complete.”
Promoting cross-functionality is essential:
“Security must be integrated from the design phase, just like performance or user experience.”
Building a Risk Culture
In Luxembourg, organizational maturity remains uneven.
“Many SMEs do not have a CISO, sometimes not even a dedicated IT manager. We often speak directly to CFOs or CEOs, and we must explain risks using concrete examples,” says Olivier Trientz.
This requires simplifying the message and making risks tangible:
“In sports, you wouldn’t protect a basketball player with shin guards—that’s specific to football. Security measures must be adapted to the risks.”
This approach helps reposition cybersecurity not as a constraint, but as a driver of business continuity and credibility.
Cybersecurity is no longer just about technology—it relies on risk culture, responsiveness, and collaboration across teams.
Strengthening Resilience
Cybersecurity is becoming a strategic issue and a key factor of trust in relationships with clients and partners.
“A bank will no longer work with a provider that cannot demonstrate cybersecurity maturity,” adds Olivier Trientz.
As both an operator and integrator, as well as a managed security services provider, Proximus NXT is well positioned to support clients in addressing these challenges.
“We already manage over a hundred clients through our data centers and hosting solutions. This gives us a very concrete understanding of their needs and constraints,” explains Olivier Trientz.
This field experience helps avoid overly theoretical approaches.
“We help our clients build pragmatic security by implementing programs tailored to their business reality.”