Meet the Expert, Bert de Jong

"You have to enjoy being a digital Sherlock Holmes"
You might expect organisations in 2025 to have their cyber security in order, but nothing could be further from the truth. “Unfortunately, it is still a major problem,” says Bert de Jong, Principal Expert Cybersecurity at Sopra Steria. We sat down with him to talk about his work, the role of a Security Operations Center (SOC), and whether artificial intelligence (AI) will truly change the industry.

What exactly does a Principal Expert Cybersecurity do?
“As a Principal Expert Cybersecurity, I deal with complex issues in the field of cybersecurity, such as the impact of AI and the influence of geopolitical threats. I’m also heavily involved in developing our SOC team and coaching colleagues. In addition, strategy and business development are important focus areas. I also represent Sopra Steria externally by attending events and trade fairs, giving presentations, and writing blogs. After the recent NATO summit in The Hague, for example, I wrote a blog about handling threats in relation to temporary events.”

What is a SOC, and what does a SOC team do?
“A Security Operations Centre (SOC) is a team of specialists that monitors networks and systems 24/7 for suspicious activity. We analyse alerts from security tools, respond to incidents (incident response), and carry out threat intelligence – that’s the process of collecting and translating threat information into detection rules, which form the basis for proactive threat hunting. We also conduct forensic investigations and detection engineering. The goal is to identify and mitigate or prevent threats as quickly as possible, so that the impact on an organisation is minimal.
We mainly work for governments, financial institutions, and municipalities. Increasingly, we collaborate with other SOC teams across Sopra Steria, enabling us to pool our strengths. Within Europe alone, we have around 2,000 security professionals who can draw on each other’s expertise. This allows us to share knowledge about, for example, new threat intelligence or useful tools.”

How did you get into IT?
“After secondary school, I joined the Ministry of Defence helpdesk through a temp agency. Two years later, I moved to the Defence SOC and discovered my passion for security. I then worked at the National Cyber Security Centre (NCSC), focusing on incident response and threat intelligence. Later, I returned to Defence to work on securing the defence industry. After running my own business for several years, I joined Sopra Steria as Principal Expert Cybersecurity.”

What are the biggest challenges in cybersecurity?
“The first is finding and keeping skilled people. Worldwide, it’s estimated that an additional one million cyber specialists are needed to handle the workload.
The second challenge is that, even in 2025, many companies still don’t have their basic security in place. This includes things like multi-factor authentication (MFA), backups, keeping systems up to date with the latest updates and patches, understanding your risks and threats, and securing workstations. I can’t stress enough that if you have the basic measures in place, combined with an ongoing risk management process, you’re already a long way towards greater cyber resilience. Why is this still such a big problem? It’s about commitment, money, available people and resources, and where responsibility lies within the organisation. I still regularly encounter companies saying: ‘What do I have to protect? I’m not interesting.’ Or they simply don’t want to spend the money. It’s no surprise that our Red Team can often walk straight through security during a penetration test.
Another challenge is staying ahead of cyber attackers. It’s the classic cat-and-mouse game, with attackers constantly coming up with new methods and us having to anticipate them. While total security is impossible, a solid risk-based approach can block 80–90% of attacks.
Finally, it’s vital to raise awareness about cyber risks, as people remain a vulnerable – though not the weakest – link. You can’t expect an employee to recognise malicious activity every single time. In fact, if an employee accidentally clicks on a phishing link compromising your organisation, the problem lies in your security setup.”

What makes your work challenging?
“It’s the variety that keeps it exciting. Alongside day-to-day operational leadership of a team of security specialists, I’m involved in all sorts of activities: sometimes it’s detection engineering, other times it’s incident response, or giving an operational briefing to a client about their threat landscape. At other times, I’m working on a major tender or attending a conference. No two days are the same.”

Which project are you most proud of?
“One of the most exciting projects I’ve worked on was detecting an employee attempting to exfiltrate data. Thanks to our data exfiltration monitoring – where we watch for unusual transfers of data from a system or network – we were able to prevent the theft. Had the employee succeeded, it could have had serious consequences for the organisation.”

What’s your view on using AI to combat cybercrime?
“We’re exploring AI’s potential, but I’m cautious because I’m not yet convinced it will deliver on all the promises for cybersecurity. AI offers opportunities, particularly for analysing multiple sources of information, but I see risks in losing human inventiveness and creativity. What I fear – and what we must avoid – is using AI for every little thing, running a prompt, and relying solely on the output. You’re only as good as the prompt you enter and the AI you use. With incidents, we currently rely on human inventiveness and out-of-the-box thinking to determine what’s going on. If we lean too much on AI, I fear we’ll lose that experience, which would be a shame. I’m not saying we shouldn’t use AI, but we need to consider the risks. AI is not the silver bullet, it’s a tool and we should treat it as such.”

What advice would you give to someone interested in cybersecurity?
“Cybersecurity has many facets, so start by exploring its different areas to see what excites you. Take part in free online challenges like Capture the Flag and TryHackMe. It’s a safe way to practise, build your skills, and learn the basics of computers – operating systems like Windows and Linux, routers, switches, network ports, protocols, and so on.
I think it’s more important for someone to have an intrinsic motivation for cybersecurity than to already possess specific technical knowledge – we can teach the latter. We’re especially looking for motivated, curious people. You need to enjoy being a digital Sherlock Holmes.”