WHY2025

From barking to Meow: mature pentesting
2025-08-11, Delphinus
Language: English

In a world of relentless cyber-threats, MIAUW (Methodology for Information Security Assessment with Audit Value) turns every pentest into a high-impact, traceable mission. This session reveals how its storyline-driven playbook fuses technical exploitation, legal rigor and forensic reporting into a reusable blueprint that regulators love and attackers fear. Expect war-stories, live-demo snippets, and a roadmap to weaponize compliance while clawing back control over risk.
This talk introduces MIAUW — Methodology for Information Security Assessment with Audit Value — a structured approach to penetration testing that goes beyond technical exploits to deliver legal defensibility, governance value, and repeatable insight.

We begin with a familiar problem: many pentests are technically sound but fail to produce lasting impact. Reports are delivered, risks are noted — and then nothing changes. There’s little accountability, no alignment with organizational processes, and limited value for oversight.

MIAUW changes that. It brings structure, traceability, and dual accountability by involving not just the pentester, but also a dedicated auditor. Every step — from planning and scenario definition to execution, reporting, and organizational learning — is part of a documented process. The auditor produces a formal protocol, providing legal and governance-grade assurance over the findings.

In this session, we’ll cover:
- How MIAUW works: from the first conversation to the final deliverables.
- Why including an auditor raises the bar for quality, traceability, and board-level trust.
- Real-world stories of organizations that transformed their security posture through structured offensive testing.
- How to get started with MIAUW, even when working with external testing partners.

Whether you're a CISO, security consultant, internal auditor or board advisor, this talk will challenge the way you think about pentests — and show you how to make every test a reusable asset for control and improvement.

Hi! I’m Mischa Rick van Geelen, founder of Anovum B.V., a leading cybersecurity company. I have investigated and resolved large-scale cyber incidents, including the attacks on Hof van Twente and ROC Mondriaan (publicly documented), and have been involved in numerous anonymous incidents. Additionally, I conducted the penetration test on the CoronaMelder app, with the results submitted to the Dutch Parliament, and I actively contribute to the development of the MIAUW methodology.

As a security consultant, incident responder, and digital forensic investigator, I help organizations strengthen their IT security, investigate incidents, and resolve issues. My expertise includes secure software development, network security, and the implementation of EDR/XDR solutions. I also provide workshops and lectures to enhance cybersecurity awareness.

Brenno de Winter is a distinguished cybersecurity expert, ethical hacker, and thought leader known for his relentless commitment to transparency, accountability, and ethical technology. After years in IT, De Winter transitioned to journalism, where he combined his technical expertise with investigative reporting. His work exposed serious security flaws in government systems, corporate networks, and public infrastructure, driving meaningful change. His reporting was characterized by a clear, accessible style that made complex cybersecurity issues understandable to a broad audience. This approach earned him the title of "Journalist of the Year" in the Netherlands in 2011.

He is the cat-father of OpenKAT, an open-source cybersecurity monitoring solution, and led the initiative of MIAUW (Methodiek voor Informatiebeveiligingsonderzoek met Auditwaarde), a structured methodology for penetration testing that has been adopted by organizations seeking to ensure audit-quality security assessments. While MIAUW was his initiative, its development has been a collaborative effort, benefiting from the contributions of other experts in the field.

De Winter is also a respected voice on privacy rights, digital resilience, and regulatory compliance. He regularly speaks on topics such as NIS2, ISO 27001, the GDPR, and the Cyber Resilience Act, offering practical guidance on navigating the complex world of digital regulation. His focus on bridging the gap between technical security measures and organizational governance has made him a sought-after advisor.

Beyond his consultancy work, De Winter remains an active advocate for cybersecurity awareness. He has launched the "Katcast" podcast, where he discusses cybersecurity, privacy, and digital rights, making these critical topics accessible to a broader audience. His passion for teaching and his dedication to ethical technology continue to drive his work, making him a respected figure in the cybersecurity community.
