Awesome IT 2026

Gerrit Oomens graduated from the University of Amsterdam in 2012 and has since then been involved in development of IT systems and infrastructure at the university and beyond. Nowadays he is responsible for information security and privacy at the Faculty of Science, where he oversees the implementation of security controls, while trying to identify and mitigate cybersecurity risks.

Talk: Security: theory or practice?

In recent years, attention in media and politics for cybersecurity has increased significantly. Large organisations have been targeted by a number of high-profile ransomware attacks and recent conflicts have included attacks on digital as well as physical infrastructure. At the same time, new European and national legislation requires organisations in crucial sectors, including higher education, to implement and demonstrate a wide range of security controls.

In this talk, I will discuss these controls and how effective they are in practice. We will look at real-world examples of cybersecurity risks in large public organisations such as the university. What are the threats that we face and what can we do about them? How effective are government-mandated security controls in mitigating such risks?

Kostas Papagiannopoulos is an assistant professor in the University of Amsterdam, working on applied cryptography and hardware security in the Parallel Computing Systems group (PCS). Before, he was a senior vulnerability analyst at NXP semiconductors in Hamburg, Germany. He holds an PhD in Cryptography and Side-Channel Analysis from Radboud University Nijmegen, an MSc in Computer Security from Radboud University and an BSc/MSc in Electrical Engineering from NTUA, Greece.

Talk: Towards Automated Hardware Security

Abstract: The detailed security evaluation of secure devices is a time-consuming, error-prone and labor-intensive process. The human security analyst is often called to cover a large attack surface within a limited amount of time. In this talk we show our research plans that aim to accelerate side-channel evaluation and countermeasure development by automating both the attack and defense design pipelines. Our end goal is to provide automated tools that can reduce the secure device certification time, while still ensuring a thorough investigation.