That question was at the heart of the latest KINTalk “From Incidents to Innovation – UWV’s Cyber Defence Center”, hosted by the KIN Center for Digital Innovation at Vrije Universiteit Amsterdam.
Students, researchers and professionals from inside and outside VU came together to get a rare look behind the scenes of the Cyber Defence Center (CDC) of UWV, the Dutch Employee Insurance Agency. With more than a billion log events per day, millions of attacks on its websites each month, and 1.2 million clients receiving benefits, UWV is an attractive target for cybercrime. The CDC is responsible for detecting and responding to these threats while safeguarding personal and medical data.
From “best effort” SOC to specialised Cyber Defence Center
Nicholas explained how UWV’s security organisation has evolved over the past years. What started as a relatively small, multidisciplinary Security Operations Center (SOC), where “everyone did everything”, has gradually developed into a specialised Cyber Defence Center with clear roles and responsibilities.
Today, blue-team and red-team activities are separated:
- Blue team – Security Operations focuses on cyber threat intelligence, vulnerability management, security engineering and the day-to-day work of the Security Operations Center.
- Red team – Security Testing is responsible for penetration testing, secure software development support and offensive security exercises that continuously probe UWV’s defences.
This specialisation has increased focus, improved quality, and created more room for continuous improvement and innovation. It has also given security a more visible and strategic role within UWV.
Technology choices and data sovereignty
A second theme of the KINTalk was the transition from IBM QRadar to a Microsoft-based security stack. This migration is not just a technical project: it requires redesigning detection rules, rethinking workflows and upskilling the security team. At the same time, relying heavily on a single vendor introduces new strategic and geopolitical risks that must be managed.
Data was another recurring topic. With enormous volumes of log data and security-relevant information, the CDC has to be selective about what it stores and for how long. Storage costs, privacy regulations and operational usefulness all play a role. The speakers described how the team increasingly has to “dehydrate” data (reduce its volume while keeping key information) and make conscious decisions about retention.
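To make the "dehydration" idea concrete, here is an added example (not UWV's code or tooling) that collapses repeated web-firewall events into summary records and attaches a retention decision to each. The log lines, field names, five-minute window, dropped fields and the retention periods are all constructed assumptions for this illustration; what stays constant is the principle the speakers described: keep who hit what, how often and when, and shed the bulk.

```python
"""Added example: "dehydrating" high-volume security logs.

Not UWV's code. Sample events, field names, window size and retention
periods are assumptions made for this illustration.
"""
from collections import OrderedDict
from datetime import datetime, timedelta, timezone
import json

# Constructed sample: verbose web-firewall events, one JSON object per line.
RAW_LOG = """
{"ts":"2024-05-01T10:00:01Z","src":"203.0.113.7","dst":"/login","action":"block","rule":"sqli-1","ua":"curl/8.0","bytes":512}
{"ts":"2024-05-01T10:00:02Z","src":"203.0.113.7","dst":"/login","action":"block","rule":"sqli-1","ua":"curl/8.0","bytes":530}
{"ts":"2024-05-01T10:00:05Z","src":"203.0.113.7","dst":"/login","action":"block","rule":"sqli-1","ua":"curl/8.0","bytes":520}
{"ts":"2024-05-01T10:00:09Z","src":"198.51.100.4","dst":"/","action":"allow","rule":null,"ua":"Mozilla/5.0","bytes":2048}
{"ts":"2024-05-01T10:03:40Z","src":"198.51.100.4","dst":"/api/v1/claims","action":"allow","rule":null,"ua":"Mozilla/5.0","bytes":4096}
{"ts":"2024-05-01T10:03:41Z","src":"203.0.113.7","dst":"/admin","action":"block","rule":"path-probe","ua":"curl/8.0","bytes":300}
""".strip()

DROP_FIELDS = {"ua", "bytes"}      # assumption: no investigative value once summarised
WINDOW = timedelta(minutes=5)      # assumption: aggregation window
TS_FMT = "%Y-%m-%dT%H:%M:%S%z"     # strptime accepts the trailing "Z" (Python 3.7+)


def parse(log_text):
    """Parse one JSON event per line; timestamps become timezone-aware datetimes."""
    events = []
    for line in log_text.splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        events.append(ev)
    return events


def _bucket(ts, window):
    """Floor a timestamp to the start of its aggregation window (UTC)."""
    secs = int(window.total_seconds())
    start = int(ts.timestamp()) // secs * secs
    return datetime.fromtimestamp(start, tz=timezone.utc)


def dehydrate(events, window=WINDOW, drop_fields=DROP_FIELDS):
    """Collapse repeats of (src, dst, action, rule) inside a window into one record.

    Each summary keeps the identifying fields plus a count and first/last seen,
    which is what an analyst needs to answer "who hit what, how often, when".
    Fields listed in drop_fields are discarded to cut volume.
    """
    groups = OrderedDict()
    for ev in events:
        key = (_bucket(ev["ts"], window), ev["src"], ev["dst"], ev["action"], ev["rule"])
        rec = groups.get(key)
        if rec is None:
            rec = {k: v for k, v in ev.items() if k not in drop_fields and k != "ts"}
            rec.update(window_start=key[0], count=0, first_seen=ev["ts"], last_seen=ev["ts"])
            groups[key] = rec
        rec["count"] += 1
        rec["first_seen"] = min(rec["first_seen"], ev["ts"])
        rec["last_seen"] = max(rec["last_seen"], ev["ts"])
    out = []
    for rec in groups.values():
        for field in ("window_start", "first_seen", "last_seen"):
            rec[field] = rec[field].strftime("%Y-%m-%dT%H:%M:%SZ")
        out.append(rec)
    return out


def retention_days(record):
    """Assumed retention policy: blocked traffic is evidence and is kept a year;
    summaries of allowed traffic are kept 90 days."""
    return 365 if record["action"] == "block" else 90


def reduction(events, summaries):
    """Fraction of rows removed by dehydration."""
    return 1 - len(summaries) / len(events)


if __name__ == "__main__":
    raw = parse(RAW_LOG)
    summaries = dehydrate(raw)
    for rec in summaries:
        print(retention_days(rec), "days:", rec)
    print(f"{len(raw)} events -> {len(summaries)} summaries "
          f"({reduction(raw, summaries):.0%} fewer rows)")
```

On the constructed sample the three blocked login probes from one source collapse into a single record with count 3 and the first/last timestamps preserved, so the alert-worthy fact survives while the per-request noise (user agent, byte counts) does not. In practice the dropped fields and retention periods are the conscious decisions the speakers referred to, and they should be written down alongside the detection rules that depend on them.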
All security-relevant data is hosted in EU-based data centres, reflecting UWV’s responsibility for highly sensitive personal and medical data and the importance of data sovereignty for public-sector organisations.
Security as a moving target
The session also highlighted how legal and policy changes constantly drive new IT systems. UWV currently manages around 600 active applications. When legislation changes – for example, around benefits or pensions – new systems or major adaptations are often needed. Each change triggers questions about security impact:
- Can a small modification be approved with lightweight checks?
- When is a full penetration test necessary?
- How do you ensure that seemingly small details, such as the format of a postal code field, do not open the door for abuse?
These examples made clear that cybersecurity at UWV is not a one-off project but a continuous process of assessing risk, prioritising scarce resources and embedding security in day-to-day development and operations.
Bridging research, teaching and practice
For KIN, the KINTalk series is a way to connect academic insights on digital innovation with real-world practice. This session showed how topics we study and teach – such as digital transformation, data governance and AI-enabled security operations – play out in a large public organisation with a critical social mission.
Participants left with a richer understanding of the technical, organisational and strategic dimensions of cybersecurity, and with a renewed appreciation of the people working behind the scenes to keep essential digital services running safely.