The Google Security Gap Nobody Talks About with Florbs founders Niek Waarbroek and Tycho Klessens

In this episode of Cyber Security District, we sit down with Niek Waarbroek (Founder & CTO) and Tycho Klessens (CEO) of Florbs, a Dutch startup transforming file security inside Google Workspace. What started as a simple set of admin scripts has evolved into a powerful SaaS platform, used by global enterprises to automate onboarding, offboarding, and prevent accidental (or malicious) data leaks. Niek shares how his frustrations with error-prone onboarding flows inspired him to build smarter tools, and how a lack of visibility into shared files became a real security threat for many organizations. After bootstrapping Florbs for three years, he crossed paths with Tycho, then a VC investor, who not only became the commercial co-founder, but helped raise €1 million to scale the team. Together, they discuss the power of building with product-led growth, how they’re scaling without wasting capital, and why real file security goes beyond Google’s default settings. They also explain why early-stage cybersecurity startups need more than funding, including focus, clarity, and the right partner chemistry. In this episode, we cover: The original problem Florbs set out to solve inside Google Workspace Why offboarding is one of the biggest overlooked security gaps How ex-employees still access company data without detection From custom scripts to a full-fledged SaaS product Product-led growth without a sales team or marketing budget Raising €1 million from angel investors and CISOs Going from solo founder to building a complementary co-founder team How they’re building safe, reversible file actions with real-time insights Expanding into AI-powered detection and cross-platform collaboration security Lessons learned transitioning from VC investor to cybersecurity CEO Whether you're a CISO, founder, or operator working in Google Workspace or building a startup yourself, this episode shows how automation and visibility can finally close one of the biggest blind spots in modern file security.   Timestamps: 00:00 – Intro 01:15 – What Inspired Florbs: The Google Workspace Problem 03:40 – Why Onboarding & Offboarding Create Risk 06:00 – Real-World Cases: Ex-Employees Accessing Confidential Docs 08:45 – Building from Admin Scripts to Full Product 11:30 – Why Google Alone Doesn’t Cut It for File Security 14:50 – The Origins of the Name “Florbs” 18:10 – Google Developer Expert Status & Product-Led Growth 21:00 – Meeting Tycho: From VC Investor to Co-Founder 25:30 – The First Pitch, the Missed Investment & The Unexpected Partnership 30:40 – Raising Smart Capital (Not Just Any Capital) 34:00 – Scaling Carefully: Where the €1M Will Go 37:20 – Building Automated Security Workflows 40:15 – Preventing AI-Fueled Phishing & Lookalike Domain Attacks 44:00 – Hiring Philosophy, Co-Founder Chemistry & Startup Reality 49:00 – Final Advice for Entrepreneurs & First-Time CISOs 52:30 – One Signal Message to CISOs: Don’t Block Everything   Connect with the guests: Niek Waarbroek: https://www.linkedin.com/in/niekwaarbroek/ Tycho Klessens:https://www.linkedin.com/in/tycho-klessens-a215abb7/ Learn more about Florbs: https://florbs.io Follow Cyber Security District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we sit down with Seemant Sehgal, founder and CEO of Breachlock, one of the fastest-growing offensive security companies in the world. Seemant’s journey took him from a small town in Northern India to leading global cybersecurity teams at ING Bank, before founding a startup that’s now active in over 20 countries. At Breachlock, Seemant is rethinking how offensive security is done. His platform combines automation, AI, and human-led red teaming to deliver scalable Pen Testing as a Service (PTaaS) that addresses the growing inefficiencies of traditional penetration testing. Seemant has built a globally distributed company operating in over 20 countries, while staying close to the ground truth of cyber operations and keeping his team deeply connected to the challenges that security teams face every day. In this episode, we cover: Building a global cyber career without a linear path Lessons from running cybersecurity at ING Bank The inefficiencies of traditional pen testing Starting BreachLock with automation and AI at the core Launching Adversarial Exposure Validation (AEV) Balancing AI and human expertise in offensive security Leading a remote team across 20+ countries Hiring for culture and alignment, not just skills How to sell cyber risk to non-technical stakeholders Message to all CISOs Whether you're scaling a security startup, running a blue team, or navigating board-level cyber strategy, this episode delivers hard-earned insights from someone who's seen the full lifecycle, technical, strategic, and entrepreneurial. Timestamps: 00:00 – Intro 01:10 – Growing Up in Northern India 03:25 – Starting Out in Ethical Hacking at IBM 06:10 – From Defense to Offense: Career at ING Bank 09:00 – Identifying the Pain Points of Traditional Pentesting 11:30 – Founding BreachLock: Automating What Matters 15:40 – What is Adversarial Exposure Validation (AEV)? 19:20 – Scaling with AI, But Keeping It Human 23:45 – Managing a Remote-First Global Team 26:30 – Hiring Philosophy: Look for Disagreement and Culture Fit 30:15 – Translating Cyber Risk for the C-Suite 33:00 – Staying Grounded: Lessons from Building Profitably 36:20 – Advice to Future Founders & Security Leaders 39:00 – Final Message to all CISO’s Connect with the guest: Seemant Sehgal: https://www.linkedin.com/in/s-sehgal/ Learn more about Breachlock: https://www.breachlock.com/ Follow Cyber Security District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com All channels & newsletter: https://beacons.ai/cybersecuritydistrict  

In this episode of Cyber Security District, we sit down with Mischa van Geelen, one of the Netherlands’ most remarkable cybersecurity professionals. At just 13 years old, Mischa discovered a critical vulnerability at a major Dutch bank. By 15, he was the youngest full-time pen tester at a global consultancy. Now in his twenties, he’s already co-founded one of the top incident response firms in the country, served as TISO at leading payment institutions like iDEAL and European Payment Institute (EPI) and is gearing up to launch his next venture. Mischa’s story is anything but ordinary. A self-taught hacker turned security strategist, he shares candid insights into the realities of incident response, the pitfalls of “watermelon compliance,” and why cybersecurity must be treated as a business enabler, not a sunk cost. Whether it’s rebuilding a college’s IT infrastructure after a massive ransomware attack or scaling a startup from scratch, Mischa combines technical brilliance with rare clarity on communication, compliance, and leadership. In this episode, we cover: Discovering his first vulnerability at age 13 Interning at ABN AMRO while still in high school Joining a consultancy firm as a full-time pen tester at 15 Building and scaling an incident response company Inside stories from real-world cyberattacks Why most companies still don’t “get” compliance The burnout risk of incident responders His thoughts on AI, deepfakes, and the future of cybercrime Plans for his next cybersecurity venture Advice for aspiring ethical hackers and cyber entrepreneurs Whether you're a CISO, student, founder, or future threat analyst, this episode is packed with valuable lessons and honest reflections from someone who's lived cybersecurity from every angle and isn't done yet. Timestamps: 00:00 – Intro 01:00 – Finding His First Vulnerability at 13 04:20 – Interning at ABN AMRO 07:00 – Getting Misunderstood by the School System 09:40 – Joining a Consultancy as a Teenager 14:00 – Launching a Cybersecurity Company at 17 17:20 – Challenges of Managing Incident Response Teams 22:30 – Real-Life Ransomware Incidents 27:10 – The Reality of 24/7 Cyber Incident Response 31:45 – The Emotional Impact of Cybercrime 34:30 – Working with iDEAL & EPI 38:10 – AI Threats and the Rise of Deepfakes 42:00 – Watermelon Compliance & What’s Broken in Cyber 45:50 – Mischa’s Next Venture: Automating Real Compliance 49:20 – Communication as the Missing Skill in Cybersecurity 52:00 – Final Message to Global CISOs   Connect with the guest: Mischa van Geelen: https://www.linkedin.com/in/rickgeex/ Learn more about Anovum: https://www.anovum.nl  Follow Cyber Security District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we sit down with Marco Riccardi, threat intelligence expert, startup founder, and the mind behind QuoIntelligence. From getting his first computer at age 7 to running cyber operations at Deutsche Bank and the European Central Bank, Marco’s journey is anything but linear. He’s built a deep-tech company protecting European infrastructure, all while fusing AI, geopolitics, and intelligence analysis into a single mission: safeguarding Europe’s digital future. Marco is the founder and CEO of QuoIntelligence, a fast-growing European scale-up tackling the growing need for context-aware threat intelligence. His roots lie in coding and hacking, but his vision is firmly set on building an intelligence powerhouse grounded in critical thinking, geopolitics, and predictive security. In this episode, he breaks down the gaps in the vendor market, why Europe needs its own intelligence solutions, and what it takes to scale a security company without losing its soul. We cover: Marco’s early obsession with computers and hacking His time in military psy-ops and its influence on his thinking Building threat intel teams at European Central Bank and Deutsche Bank Spotting the market gap that led to founding QuoIntelligence The rise of AI in cyber defense and offense Why most security teams fail at scaling His philosophy on intelligence, communication, and critical thinking Lessons from five years of building a remote-first startup The future of European cybersecurity Whether you’re a cyber leader, an aspiring threat analyst, or simply curious about how intelligence intersects with business, this episode offers a raw, honest, and insightful look into one of Europe’s most original cybersecurity minds. Timestamps: 00:00 – Intro 01:00 – Meet Marco Riccardi 04:00 – First Hacking Experiences at Age 11 07:45 – From Military Psy-Ops to Cybersecurity 11:30 – Moving to Barcelona & Malware Research 16:00 – Career at ECB and Deutsche Bank 21:15 – Why Europe Lacked Local Threat Intel Vendors 25:30 – Intelligence as a Business Advantage 30:00 – Building QuoIntelligence 35:50 – Starting a Company During COVID 39:30 – Lessons in Scaling: Hiring Mistakes & Culture 44:00 – The Power of AI in Cybersecurity 48:30 – What Threat Actors Are Doing with AI 53:00 – Advice for Entering Threat Intelligence 58:30 – Final Message to CISOs Worldwide Connect with the guest: Marco Riccardi: https://www.linkedin.com/in/marcoriccardi/ Learn more about QuoIntelligence: https://www.quointelligence.eu Follow Cyber Security District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we speak with Mahdi Abdulrazak, a cybersecurity leader, serial investor, and one of the most remarkable self-made minds in the field. He just left his CISO position SHV Energy, where he led a team of over 100 professionals, but his journey started much earlier as a refugee, a teenage hacker, and a relentless entrepreneur. Mahdi’s story spans continents, industries, and disciplines. Fluent in over 8 languages and driven by curiosity, he's not only built pioneering technology platforms but also invested in some of the most promising cybersecurity startups in Europe, including Hadrian and Workwise, and now his own venture Dawnguard. From building his first tech company in the early 2000s to mentoring the next generation of founders, Mahdi brings a rare blend of street smartness, deep technical insight, and philosophical clarity. After years witnessing how reactive cybersecurity slows innovation, Mahdi is building Dawnguard to make security-by-design the new default, shifting security left from day zero with the power of AI and automation. In this episode, we explore: How growing up in poverty sparked Mahdi’s hacker mindset His first steps into cybersecurity at age 15 Co-founding a platform ahead of its time in smart connectivity Investing in cybersecurity startups across Europe Why he always invests in people, not products Advice for professionals who want to become entrepreneurs How to deal with pressure and avoid burnout in security roles His vision for agentic AI, machine learning, and the future of cyber defense Mahdi speaks with striking honesty about risk, purpose, and what it means to truly contribute. Whether you’re a young professional, a seasoned CISO, or an aspiring founder, this conversation will challenge and inspire you. Timestamps: 00:00 - Introduction 00:40 - Meet Mahdi Abdulrazak 03:00 - From Warzone to Amsterdam 07:20 - Hacking as a Form of Learning 11:00 - Building a Tech Startup in the Early 2000s 16:45 - Investment Philosophy: People over Products 21:30 - Why Dutch Cyber Needs More Startups 25:00 - Becoming CISO of SHV Energy 29:15 - Handling Pressure & Avoiding Burnout 33:50 - Advice for Cybersecurity Entrepreneurs 37:40 - The Promise of Agentic AI in Cyber Defense 41:00 - Leaving a Legacy & Staying Curious 44:20 - Final Message to Global CISOs Connect with the guest: Mahdi Abdulrazak: https://www.linkedin.com/in/mahdiabdulrazak/ Learn more about Dawnguard – www.dawnguard.ai Follow Cyber Security District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com/ All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we sit down with Fleur van Leusden, one of the most visible and respected voices in the Dutch cybersecurity landscape. Fleur is the current Chief Information Security Officer (CISO) at a major Dutch government institution, but her work spans far beyond that. With a background in criminology and a career that began in law enforcement, Fleur has become a strategic advisor to the Dutch education system, a frequent keynote speaker, and the host of one of the most popular cybersecurity podcasts in the Netherlands: CISO Praat. Her journey from internet detective at the Dutch National Police to forensic analyst, consultant, and now solo CISO, reflects the evolution of the cybersecurity field itself. In this episode, we dive into: Her early fascination with law, forensics, and technology Life as an “internet detective” solving high-profile crimes How she transitioned into cybersecurity leadership What it’s like being a one-woman security department Why prioritization is the toughest part of a CISO’s job Managing burnout, pressure, and the “superhero complex” Advice for young professionals who want to follow in her footsteps Fleur shares honest, witty, and insightful reflections on the pressure CISOs face, how to let go of perfectionism, and why community support is crucial in this ever-changing field. Timestamps: 00:00 - Introduction 00:30 - Meet Fleur van Leusden 02:10 - Podcasting and Finding Her Voice 05:00 - From Criminology to Cyber 07:40 - Life as an Internet Detective 13:00 - Joining the Dutch Forensic Institute 17:12 - From Testing to Hacking 21:35 - Becoming a (Bracketed) CISO 25:00 - A Day in the Life of a CISO 28:15 - Prioritization, Politics & Burnout 34:20 - On Thick Skin, Flexibility & Boundaries 38:52 - Community Support Among CISOs 42:00 - Final Message to Global CISOs Connect with the guest: Fleur van Leusden: https://www.linkedin.com/in/fleur-%F0%9F%8E%99%F0%9F%A6%8A-van-leusden-356bb054/ Follow Cybersecurity District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com/ All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we sit down with Dimitri van Zantvliet, one of the most respected CISOs in the Netherlands and the current Chief Information Security Officer at the Dutch Railway (NS). Dimitri’s career spans from electromechanical engineering on offshore rigs to becoming a national authority on cybersecurity, advising startups, governments, and international councils. He’s the co-founder of the Dutch CISO community, an angel investor, a public speaker, and Dutch ambassador for the Global Council for Responsible AI. Dimitri also serves on advisory boards such as TNO and the University of Amsterdam’s Leadership Academy, shaping the future of digital security on multiple levels. In this episode, we dive into: How Dimitri manages multiple leadership roles with purpose His early transition from engineering into cybersecurity Why public transport is a vital piece of national resilience NS’s approach to defending against state actors and activist threats What makes a strong CISO in today’s geopolitical climate The rise of responsible AI and why it matters now more than ever His advice for cybersecurity founders and next-gen professionals Dimitri shares powerful insights on threat intelligence, incident response, ethical AI, and the evolving role of CISOs in a world shaped by hybrid threats and rapid technological change. Timestamps: 00:00 - Introduction 01:10 - Managing Multiple Roles 04:17 - From Engineering to Cybersecurity 06:54 - Leadership Lessons Learned 10:14 - Importance of Certifications and Grit 13:06 - Cybersecurity Challenges at NS 17:20 - State Actors, NATO, and Public Transport Threats 23:00 - What Makes a Great CISO 28:09 - Responsible AI and Smart Cities 30:38 - Investing in Startups and Supporting Founders 34:45 - Tech Areas to Watch: Compliance, Anomaly Detection, AI Agents 42:41 - Unlimited Resources: What He'd Solve First 44:02 - Advice for Young Cybersecurity Professionals 46:05 - A Final Message to CISOs Worldwide Connect with the guest: Dimitri van Zantvliet: https://www.linkedin.com/in/vanzantvliet/ Follow Cybersecurity District: Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com/ All channels & newsletter: https://beacons.ai/cybersecuritydistrict

Title: The Infrastructure Behind Smarter SOCs with VirtualMetric Founders | Cyber Security District Podcast Episode Description: In this episode of Cyber Security District, we sit down with the founders of VirtualMetric, one of Europe’s most promising scale-ups in the cybersecurity space. Meet Yusuf Öztürk, CTO and original brain behind the platform, and Jimmy Wind, CEO and commercial strategist who joined the company to accelerate growth and take it global. VirtualMetric started as a performance monitoring tool but made a smart pivot into cybersecurity, solving one of the biggest pain points for Security Operations Centers (SOCs): the skyrocketing cost and inefficiency of SIEM platforms like Microsoft Sentinel. In this episode, we dive into: How VirtualMetric evolved from IT monitoring to cybersecurity The cost-saving power of their security data pipeline Why Microsoft and MSSPs are embracing their solution Lessons in product-market fit, pivoting, and startup resilience Advice for first-time founders in cybersecurity Yusuf and Jimmy share practical insights on filtering and enriching telemetry data, how to reduce your SIEM bill by 70–80%, and why smart pre-processing is a must-have for every CISO. Key Takeaways: Pre-process your data before it hits your SIEM to save time and money Automation beats manual parsing every time Focus on solving real pain points, not changing behavior Timestamps: 00:00 - Introduction 01:12 - Meet the founders: Yusuf and Jimmy 03:45 - The origins of VirtualMetric 07:32 - Agentless monitoring and breakthrough compression 11:16 - Pivoting into cybersecurity 15:25 - Why current SIEM tools fall short 18:50 - Deep integration with Microsoft Sentinel 22:40 - How VirtualMetric slashes data ingest costs 27:58 - The AI opportunity (and risk) in data pipelines 34:02 - Scaling after investment 41:21 - Advice for cybersecurity founders 47:00 - Final message to global CISOs Connect with the guests: Jimmy Wind (CEO): https://www.linkedin.com/in/jimmywind/ Yusuf Öztürk (CTO): https://www.linkedin.com/in/yusufozturk87/ Follow Cybersecurity District: Laurens Jagt on LinkedIn: https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com/ All channels & newsletter: https://beacons.ai/cybersecuritydistrict

Welcome to another exciting episode of Cybersecurity District. Today, we're diving into a hot topic—cryptocurrency and cybersecurity—with none other than Jean-Paul de Jong, a partner at BlockFo and a seasoned expert in cyber investigations and blockchain security. With over 30 years of experience, Jean-Paul has worked with multinational enterprises, law enforcement, and intelligence organizations such as the British government and Europol. In 2018, he transitioned into the world of blockchain, where he now plays a key role in fighting cryptocurrency-related crimes. In this episode, we discuss: The mission of BlockFo in combating crypto crimes Real-life cases, including how Hamas funding was tracked using blockchain The challenges in recovering stolen crypto funds The future of cryptocurrency in corporate finance Tips for protecting your crypto investments Jean-Paul also shares his journey from traditional IT roles to becoming a leader in blockchain, offering invaluable insights for both experienced professionals and newcomers to the field. Key takeaways include the importance of hardware wallets, multi-factor authentication, and the growing demand for cybersecurity expertise in the blockchain industry. Timestamps: (00:00) Introduction (00:26) Jean-Paul de Jong’s background and experience (01:20) The mission of BlockFo (02:52) Challenges in resolving crypto crimes (05:06) Real-life case study: Tracking Hamas funding (08:07) Blockchain’s role in tracing transactions (14:23) Jean-Paul’s transition to blockchain (24:52) Cybersecurity for startups (34:36) The future of BlockFo and corporate crypto transactions (39:45) Tips for safeguarding your crypto (51:52) Final message to CISOs Don't miss this engaging and insightful conversation. Tune in to learn from one of the leading minds in cybersecurity.    Connect with us:  Laurens Jagt on LinkedIn:  https://www.linkedin.com/in/laurensjagt/ Jean-Paul De Jong LinkedIn:  https://www.linkedin.com/in/jeanpauldejong/   Visit our website: https://www.cybersecuritydistrict.com/   Subscribe to our newsletter and follow us here: https://beacons.ai/cybersecuritydistrict

Welcome to another episode of Cyber Security District, the podcast where we interview the most inspiring minds in the cybersecurity industry. In this episode, we have the pleasure of hosting Brenno de Winter, a renowned journalist, public speaker, author, and cybersecurity expert. Brenno shares his fascinating career journey, starting from his early days as an IT professional, to his pivotal decision to become a journalist after the events of September 11th, 2001. He delves into his investigative journalism career, highlighting significant moments such as the DigiNotar hack and the impact of Edward Snowden's revelations. Currently working at the Ministry of Health, Sports, and Welfare in the Netherlands, Brenno discusses his role in developing the CoronaCheck-app and his ongoing efforts in the field of data protection and cybersecurity. He also shares valuable insights and tips for young professionals looking to make a mark in the industry. Timestamps: (00:00) Introduction (00:15) Welcoming Brenno de Winter (00:48) Brenno's early career in IT (03:09) Transition to journalism post-9/11 (05:25) Impact of Edward Snowden's revelations (06:28) Changes in society post-9/11 (08:39) Becoming a successful journalist (11:26) Memorable moments in investigative journalism (14:18) Early challenges in cybersecurity journalism (15:29) Europe's approach to data protection (20:04) Transition back to cybersecurity (25:40) Role at the Ministry of Health and the CoronaCheck-app (29:09) Future plans and OpenKAT project (33:51) Tips for young professionals in cybersecurity (36:57) Final thoughts and message to CISOs   Connect with us: Laurens Jagt on LinkedIn: Laurens Jagt Brenno De Winter on LinkedIn: Brenno de Winter Visit our website: https://www.cybersecuritydistrict.com/ Subscribe to our newsletter and follow us here: https://beacons.ai/cybersecuritydistrict