Cybersecurity

How do you perceive the evolution of Luxembourg’s cybersecurity landscape?

Y.B. Over the past few years, we have witnessed a profound transformation in corporate cybersecurity needs, driven by a rapidly expanding market. We now operate in an increasingly complex environment where all companies have adopted digital technologies—or are in the process of doing so. This shift affects not only IT infrastructures and data but also other operational domains in an increasingly digital world.

Security now influences all work tools and professional data, making the protection of information systems critical. For example, when I took charge of the Professional Services department at Proximus NXT about ten years ago, our team had only five engineers. Today, we are thirty-two performing the same types of tasks. This growth partly reflects the heightened importance of security in companies. Cyberattacks, such as those recently recorded in Luxembourg, have a significant impact on business operations and can even threaten their continuity.

Another striking aspect of this evolution is complexity. Security experts now need to be multidisciplinary professionals, mastering networks, systems, and more. Security no longer revolves merely around firewalls and routers with access control lists; it extends to all layers of an information system, including application and user behavior. This complexity is further amplified by the migration to the Cloud, which has created multiple heterogeneous environments.

What does the DevSecOps model bring, and what role does automation play?

Y.B. This growing complexity makes it increasingly difficult for companies to manage security alone. It requires deploying new tools and creating new roles, as well as exercising greater control, particularly in public cloud environments where trust in providers must be balanced by corporate oversight. With new technologies and concepts emerging constantly, companies can feel that they have lost control over their security.

It is therefore essential to understand the unique challenges of each company, identify the most sensitive data, and detect specific vulnerabilities. Organizations must make strategic security choices while managing finite budgets. This often necessitates relying on specialized third-party companies with the expertise to maintain high security standards in a constantly evolving environment. This is precisely where Proximus NXT provides a clear advantage.

How does Proximus NXT support companies seeking to strengthen operational security?

Y.B. Historically, Proximus NXT operated as a general service provider and solutions integrator. Over time, and in response to evolving needs, we developed a set of “service building blocks” to secure our own infrastructure—and, by extension, to safeguard the assets entrusted by our clients.

Today, security is pervasive, affecting every component of information systems. We concluded that it was necessary to unify our capabilities to provide a comprehensive and cross-cutting response to client needs.

Offering a holistic solution means that we can deliver a complete range of services to our clients: security infrastructure, strategic governance advice, risk and compliance management, vulnerability analysis and remediation, penetration testing, security monitoring, alerts, and incident response through our CERT/CSIRT team. We also provide operational support, particularly considering the talent shortage affecting all companies. Our goal is to provide an integrated and transversal approach that addresses all aspects of security and meets our clients’ diverse needs.

How is this objective implemented in practice?

Y.B. Proximus NXT’s cybersecurity strategy focuses on helping companies bridge gaps in their capabilities by providing the “building blocks” they lack. Clients can choose services according to their maturity and specific needs. The key to success lies in effective coordination between our actions and the client’s activities. This includes technical support and continuous guidance, given the constantly evolving security landscape.

Teamwork is essential. Our specialized engineers and technicians collaborate closely, creating synergies for multidisciplinary solutions. For example, during a client vulnerability assessment, we deploy both vulnerability researchers and defense specialists to derive actionable insights, while senior consultants liaise with the client to adapt the infrastructure. This integrated approach combines technology, expertise, and strategy for optimal outcomes.

We adopt an agile, organized structure with multidisciplinary “squads,” each composed of engineers, finance specialists, logisticians, and sales staff, working on specific projects. These squads are grouped within a tribe to operationalize our strategy. This framework allows us to combine competencies effectively and develop new service blocks, ultimately creating more value for our clients.

Our objective is to become the reference in cybersecurity within Luxembourg. This goal aligns with Proximus NXT’s broader strategy, and we invest heavily to achieve it.