Kevin Holvoet

Kevin started in 2014 as a security engineer at Euroclear, where he worked mostly on securing the internal network, making sure authentication to the applications were secure, and helping the incident response team. Since 2017, he has worked for the Centre for Cybersecurity Belgium (CCB) and is currently the Lead of the Threat Research Centre, at the CyTRIS department of the CCB. This allows him to have an (national) overall view on what is happening in different sectors, companies, and organizations. He holds a Master of Science in Applied Informatics, Software Development & Distributed Systems from the KU Leuven, University of Leuven, and a bachelor’s degree of Applied Informatics with a specialization in Application Development from the Katholieke Hogeschool Zuid-West-Vlaanderen in Kortrijk.

More About Kevin


Kevin started working for the CCB in a very early stage, which gave him the opportunity to learn how a Cyber Threat Intelligence (CTI) team is built from scratch and help with big incidents. “A lot of big institutions like NATO and the EU are located in Belgium. This centralized position of Belgium gives us the opportunity to collaborate closely with NATO, and other international organizations located in Belgium. We also work in close collaboration with the Belgian Federal Prosecutor's Office and the Federal Police. Helping to build the CyTRIS (Cyber Threat Research & Intelligence Sharing) team within the CCB, gives me a lot of practical experience.”

Having contact and collaborating with so many international institutions makes Kevin’s job very interesting and challenging. “Being involved in high profile incidents in different sectors gives me a lot of experience with how different sectors and companies work and how companies can improve their security posture. That experience also makes me a perfect person to teach such a broad subject as CTI to students working in all kinds of sectors and with different backgrounds.”

In October 2017, he attended his first SANS course, the SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. “That week, I learned so much in a very structured way”. Since then he has taken 9 SANS courses in total and he currently holds the GCTI, GDAT, GPYC, GNFA, GCIH, GSEC, GOSI, and GRID GIAC Certifications. “At every course, I was amazed at the knowledge, fun, and enthusiasm the instructors brought. The extra stories these instructors told from their own experience in the field has always been a big plus compared to many courses I've followed outside of SANS”.

His involvement with SANS made him want to become a SANS instructor and share that same experience with his students while showing them how CTI can really help contribute to the security of their company or organization. Kevin currently teaches the FOR578: Cyber Threat Intelligence course. “I want to make the weeks I teach fun and interesting at the same time! Making sure that students can apply CTI in their own organization when they get back and make a difference in cyber security”. His goals as a teacher: “Showing my students how big the impact of well-structured and good intelligence can be, and I hope they will be able to apply everything they learned to do the same in their career.” He also wants to teach his students the different tools, methods, and cycles that can be used to perform well structured Cyber Threat Intelligence. “Making them work with all these different tools and models will help them decide what best fits them and how they can provide the most value for their organization”, he says.

In his spare time, Kevin loves to organize LAN parties every year with his friends in the Brothers in Lan VZW (https://, called Breakout and Viveslan. “It's always great to see over 400 gamers together in one room and enjoy a full weekend of games and other fun activities we organize for them. The events we organize at work also give me satisfaction, when I hear from participants that it was interesting, and they can use the intelligence we shared with them. They can use it to go to their board and persuade them to make the right security investments or the information helps them to focus on key points with the security team in the next three months.”

Kevin also teaches workshops for children aged between 8 and 18 years, working on projects for the hosting system of Mediaraven, VPS’, Virtual servers, CentOS, Apache, PHP, ELK, and OSS security tools.

He also practices Krav Maga, he likes to cook and brew beer.

Get to know Kevin Holvoet:

  • Team Lead of the Threat Research Centre, at the CyTRIS department of the Centre for Cybersecurity Belgium (CCB).
  • Instructor for the FOR578: Cyber Threat Intelligence course
  • Highly experienced in Cyber Threat Intelligence (CTI) since 2015
  • Skilled in Python, C++, C#, networking, system administration, PKI, WAF, English, Dutch. Strong information technology professional with a focus on IT security
  • Master of Science in Applied Informatics, Software Development & Distributed Systems from the KU Leuven
  • Bachelor of Applied Informatics, specialization in Application Development from the Katholieke Hogeschool Zuid-West-Vlaanderen in Kortrijk, now Vives.


Watch Kevin speak at the STAR Livestreaming series with Katie Nickels

Watch Kevin speak at the SASN Emergency webcast about the Russian Cyber Attack Escalation in Ukraine
Read the webcast blog here

Additional webcasts:

YouTube Series: