Howest organises these "Tech & Meet" sessions every now and then where someone from industry or government comes in and talks about their work. This one was led by Ir. Martin De Pauw and covered how NATO's cyber defence grew from a niche corner of information security into a fully recognised operational domain. I went in expecting a dry history lesson. It was not that.

From "IT problem" to operational domain

The core arc of the talk was the timeline of how NATO started treating cyber. For a long time it sat under information security, a support function, not something commanders thought about during operations. That changed in 2016 when NATO officially recognised cyberspace as an operational domain alongside land, sea, and air. Martin walked us through the incidents and political shifts that made that happen, and hearing the actual sequence of events made it click in a way that reading about it in class never quite did.

The collaboration angle

The part that stuck with me the most was how much of NATO's cyber capability depends on working with people outside the military. Private companies, universities, research institutions. The military simply cannot keep up with how fast the tech moves on its own, so these partnerships are not nice-to-haves, they are load-bearing.

Martin also talked about how messy that collaboration gets in practice. Military structures and civilian organisations do not think the same way, they have different priorities, different cultures, different speeds. Making that work is apparently one of the harder problems they deal with, and honestly it is not something I had thought about much before. I tend to think of cybersecurity challenges as technical, but this one is almost entirely organisational.

The human side

There was a recurring theme through the whole talk: the tools are not the hard part. People are. Training, awareness, structured decision-making, trust between teams. You can have the best detection stack in the world and still get burned if the people using it do not communicate well or do not understand the risks they are managing.

That lines up with something I have been noticing more and more in my courses at Howest. The technical skills get all the attention, but the governance, risk, and compliance side is where things actually fall apart in practice. It was good to hear someone from NATO basically confirm that.

What I'm taking away

• Cyber defence at scale is an organisational problem as much as a technical one. Probably more.
• The fact that NATO needs civilian partners to function in this space says something about where the expertise actually lives.
• Sessions like these are a good reminder that the "boring" side of cybersecurity (process, coordination, governance) is where the real impact happens.

Thanks to Martin De Pauw and Howest for putting this on. These Tech & Meet sessions keep being worth showing up for.