Third Tech & Meet of the semester, and this one had a different angle. Instead of diving into a specific technical topic, the session was about the bigger picture: who are the organisations protecting Belgium in cyberspace, what do they actually do, and how do you get a job there?

Speakers were Sandro Manzo from the CCB (who at this point is becoming a regular at these things, also being one of my CTI teachers at Howest), Lt Kol Timmie Bonneu from the Belgian Cyber Force, and Tom Hermant from EgovSelect, the recruiter for both CCB and Defence.

Belgium's Anti-Phishing Shield

The thing I found the coolest was BAPS, Belgium's Anti-Phishing Shield. It is not just an awareness campaign telling people "don't click suspicious links." It is an actual protective system. The CCB analyses reported phishing URLs, builds a list of confirmed malicious domains, and shares that list with Belgian ISPs. The ISPs then redirect users at the DNS level, so if you try to visit a known phishing site, you get a warning page instead.

What I find interesting about this from a technical perspective is that it is entirely DNS-based. That means it works transparently for most people without them having to install anything. But it also means you can just change your DNS resolver to something else and bypass it entirely. It is protection for the general population, not a hard block. That tradeoff between usability and enforcement is a neat design choice.

The landscape

A big part of the session was just mapping out who does what. CCB, CERT, FCCU, NCCN, SGRS, VSSE, Cyber Force. There are a lot of acronyms in Belgian cybersecurity, and before this talk I honestly could not have told you how they all relate to each other. Having someone walk through it and explain where each one fits in the national security picture was genuinely useful.

They also talked about the National Cyber Emergency Plan, which is Belgium's playbook for coordinating a response when a cyber crisis hits at national scale. The idea that incident response is not just something individual organisations do, but something that gets coordinated across the country, was not something I had thought about much.

More than one type of "cyber person"

The recruitment part drove home that cybersecurity at this level is not just penetration testers and SOC analysts. They are looking for policy people, legal profiles, cloud engineers, developers, trainers, threat hunters, forensics specialists. The range is much wider than I expected. EgovSelect walked through the actual application process for both CCB and Defence roles, which made it feel concrete rather than abstract.

Takeaways

• BAPS is a clever approach to anti-phishing. DNS-level protection that works for everyone by default, with the tradeoff that anyone technical enough can opt out.
• Belgium has more cybersecurity organisations than I could name before this talk. Now I can at least place them on a map.
• There are more career paths in this field than the obvious ones. Worth keeping in mind.

Thanks to Sandro Manzo, Lt Kol Bonneu, Tom Hermant, and Howest for another solid session.