Victor Casteur

Tech & Meet: Threat Intelligence, from Threats to Tactics

CCB Tech and Meet session on threat intelligence

Another Tech & Meet at Howest, this time with Sandro Manzo and Niels Desloover from the Centre for Cybersecurity Belgium (CCB). They also happen to be teachers at Howest, where they teach a course on cyber threat intelligence, so hearing them talk about the operational side of what they do at the CCB added a whole extra layer to what we had already covered in class. The topic was how the CCB turns raw threat data into something organisations can actually act on.

Belgium's cyber shield

The thing that impressed me the most was getting a proper look at what the CCB actually does day to day. Belgium consistently ranks as one of the least vulnerable countries in the EU when it comes to cyber, and hearing about the work that goes into maintaining that was eye-opening. It is not just one big system. It is a collection of projects and processes that all feed into each other.

They walked us through a few of these: BePhish, which tracks and analyses phishing campaigns targeting Belgium; Red Button, for rapid incident response; and the one I found the coolest, Spear Warning.

Spear warnings

Spear Warning is the CCB proactively reaching out to specific companies or organisations when they detect that those targets are about to be hit or are being actively targeted. Not a generic advisory that goes out to everyone, but a direct, targeted heads-up: "we see something aimed at you, here is what we know."

What makes that impressive is the speed. The presenters mentioned cases where the CCB's notification reached organisations before patches were even available for the vulnerabilities being exploited. That kind of turnaround only works because they are constantly monitoring and have the infrastructure to act on what they find quickly.

From data to action

A big part of the session was about the difference between having threat data and having threat intelligence. Data is just noise until someone puts it in context: who is targeting you, why, with what techniques, and what you should do about it. The CCB's job is that translation layer, taking the raw signals and turning them into something a company's security team can work with.

It tied in directly with what Sandro and Niels had been teaching us in their CTI course, but hearing the same concepts from the perspective of their actual work at the CCB made it feel a lot more concrete. The classroom version gives you the frameworks. This gave you the "here is what it looks like when it matters."

Takeaways

Thanks to Sandro Manzo and Niels Desloover for a solid session, and to Howest for keeping these Tech & Meets going.