Kalman Tiboldi - CTO & Founder at GemOne-TVH - Simplify or Die: Why Complexity Is the Real IT Challenge
Find out more:
Belgium 9-9-25 Squad Only Physical english
As Belgium navigates the complexities of GDPR and various data sovereignty regulations, organizations across multiple industries face both challenges and opportunities in managing their data across borders. The quest for compliance often intersects with the need for business growth, raising questions about the balance between protection and progress. How can companies effectively own and safeguard their data while ensuring compliance without stifling innovation and expansion in a multi-industry landscape?
Read MorePoland 9-9-25 Invitation Only Virtual Polish
Utrzymanie talentów w organizacji IT ulokowanej na konkurencyjnym rynku pracy to nie lada zadanie. A jeśli do tego mówimy o organizacji z sektora publicznego? O swoich i swojej organizacji doświadczeniach, metodach i programach opowie Anna Wituła z CIRF. Będzie to jak zawsze okazja do dyskusji na temat różnych sposobów na utrzymanie talentów w firmie.
Read MoreBelgium 11-9-25 Squad Only Virtual english
You’ve built the portal. Added the chatbot. Rolled out self-service. But your support lines are still ringing. And your frontline teams are still improvising. If you want digital services to feel seamless, not just look polished, this session brings you back to where value is felt: at the frontline.
Read MorePoland 11-9-25 Invitation Only Virtual Polish
W fabrykach cyberbezpieczeństwo często zależy od podwykonawców – integratorów, dostawców systemów automatyki i firm serwisowych, które mają zaskakująco szeroki dostęp do infrastruktury OT. W tej prezentacji Igor Zbyryt z BZK pokaże, jak z perspektywy końcowego użytkownika i integratora wygląda współpraca z tymi firmami oraz jakie realne ryzyka to niesie – również w kontekście NIS2. Zamiast wyliczać różnice między IT a OT, skupi się na wspólnym mianowniku i tym, co trzeba zmienić w podejściu organizacji, żeby cyber w produkcji zaczęło działać.
Read MoreBelgium 13-9-25 All Members Physical english
Join us for a scenic ride along the route of the Brabantse Pijl!This ride is suitable for all levels of cyclists and doesn’t require advanced technical skills. We’ll start at de Zoete Waters, where parking is available, and head into the charming Brabant region. Along the way, we’ll tackle some of the area’s iconic climbs — including the legendary Moskesstraat, known for its cobbled character and history in pro cycling. Expect a relaxed, friendly atmosphere and beautiful views throughout. Whether you're training, exploring, or just riding for fun, you’re more than welcome to join!
Read MoreBelgium 16-9-25 Squad Only Physical english
The system works. That’s the problem. It’s old, complex, deeply integrated, and still running your most critical operations. Everyone agrees change is needed. But no one wants to be the one who breaks it. The stakes are too high.
Read MoreGermany Sep 9, 2025 Country Members Physical german
Vom ersten Use Case zur strategischen Neuausrichtung CIONET lädt bereits zum vierten Mal zu einem exklusiven Roundtable für CIOs und Digitalverantwortliche aus Logistik und Handel ein. Im Mittelpunkt des Abends steht die Frage, wie Unternehmen ihre KI-Initiativen erfolgreich skalieren und aus ersten Use Cases echten strategischen Mehrwert schaffen. Microsoft 365 für Frontline Worker: Moderne Tools, die Mitarbeitende im Tagesgeschäft entlasten ServiceNow für Prozessintegration: Automatisierte End-to-End-Workflows – vom Schadensfall bis zur Retourenabwicklung KI-gestützte Disposition und Planung: Mit smarten Algorithmen zur optimierten Supply Chain Digitale Lieferketten und letzte Meile: Transparenz, Effizienz und Kundenzentrierung durchgängig gedacht
Read MoreBelgium Sep 13, 2025 All Members Physical english
Join us for a wonderful ride. The ride is accessible to all levels of riders and doesn't require extensive technical skills. More information will follow soon. Looking forward to ride together!
Read MoreGermany Sep 17, 2025 Country Members Physical german
Cybersecurity ist längst kein reines IT-Thema mehr – sie betrifft das gesamte Unternehmen. Doch während die Bedrohungslage zunimmt, geraten viele Security-Verantwortliche an ihre Belastungsgrenzen: zwischen 24/7-Verantwortung, wachsenden Anforderungen und dem ständigen Innovationsdruck.
Read MoreGermany Sep 17, 2025 Country Members Physical german
IT-Betrieb und Cybersicherheit stehen heute unter extremem Druck: steigende Komplexität, wachsende regulatorische Anforderungen (NIS2, DORA, KRITIS), chronische Ressourcenknappheit – und gleichzeitig eine Bedrohungslage, die keine Verzögerungen duldet. Trotzdem agieren viele IT- und Security-Teams noch immer in Silos. Die Folge: ineffiziente Abläufe, Tool-Wildwuchs, langsame Reaktion auf Vorfälle und unklare Verantwortlichkeiten.
Read MoreGermany Sep 18, 2025 Country Members Virtual german
Nachhaltigkeit ist für CIOs nicht nur ein „Nice-to-have“, sondern eine strategische Priorität – sie beeinflusst direkt die finanzielle Performance, die operative Effizienz und die langfristige Wettbewerbsfähigkeit.
Read MoreBelgium Sep 18, 2025 Country Members Physical french
La dette technique est comparable à la négligence des réparations d'une maison. Ignorer un toit qui fuit peut faire gagner du temps aujourd'hui, mais cela pourrait conduire à l'effondrement du plafond plus tard. Pour remédier à la dette technique, il faut trouver et réparer ces fuites dès maintenant et mettre en place un plan d'entretien de la maison afin qu'elle soit prête pour les extensions futures. Pour résoudre ces problèmes, il faut définir des priorités stratégiques, communiquer clairement avec les parties prenantes et établir une feuille de route à long terme pour la modernisation. Cet événement se déroulera entièrement en français.
Read MoreGermany Sep 9, 2025 Country Members Physical german
Vom ersten Use Case zur strategischen Neuausrichtung CIONET lädt bereits zum vierten Mal zu einem exklusiven Roundtable für CIOs und Digitalverantwortliche aus Logistik und Handel ein. Im Mittelpunkt des Abends steht die Frage, wie Unternehmen ihre KI-Initiativen erfolgreich skalieren und aus ersten Use Cases echten strategischen Mehrwert schaffen. Microsoft 365 für Frontline Worker: Moderne Tools, die Mitarbeitende im Tagesgeschäft entlasten ServiceNow für Prozessintegration: Automatisierte End-to-End-Workflows – vom Schadensfall bis zur Retourenabwicklung KI-gestützte Disposition und Planung: Mit smarten Algorithmen zur optimierten Supply Chain Digitale Lieferketten und letzte Meile: Transparenz, Effizienz und Kundenzentrierung durchgängig gedacht
Read MoreBelgium Sep 13, 2025 All Members Physical english
Join us for a wonderful ride. The ride is accessible to all levels of riders and doesn't require extensive technical skills. More information will follow soon. Looking forward to ride together!
Read MoreGermany Sep 17, 2025 Country Members Physical german
Cybersecurity ist längst kein reines IT-Thema mehr – sie betrifft das gesamte Unternehmen. Doch während die Bedrohungslage zunimmt, geraten viele Security-Verantwortliche an ihre Belastungsgrenzen: zwischen 24/7-Verantwortung, wachsenden Anforderungen und dem ständigen Innovationsdruck.
Read MoreGermany Sep 17, 2025 Country Members Physical german
IT-Betrieb und Cybersicherheit stehen heute unter extremem Druck: steigende Komplexität, wachsende regulatorische Anforderungen (NIS2, DORA, KRITIS), chronische Ressourcenknappheit – und gleichzeitig eine Bedrohungslage, die keine Verzögerungen duldet. Trotzdem agieren viele IT- und Security-Teams noch immer in Silos. Die Folge: ineffiziente Abläufe, Tool-Wildwuchs, langsame Reaktion auf Vorfälle und unklare Verantwortlichkeiten.
Read MoreGermany Sep 18, 2025 Country Members Virtual german
Nachhaltigkeit ist für CIOs nicht nur ein „Nice-to-have“, sondern eine strategische Priorität – sie beeinflusst direkt die finanzielle Performance, die operative Effizienz und die langfristige Wettbewerbsfähigkeit.
Read MoreBelgium Sep 18, 2025 Country Members Physical french
La dette technique est comparable à la négligence des réparations d'une maison. Ignorer un toit qui fuit peut faire gagner du temps aujourd'hui, mais cela pourrait conduire à l'effondrement du plafond plus tard. Pour remédier à la dette technique, il faut trouver et réparer ces fuites dès maintenant et mettre en place un plan d'entretien de la maison afin qu'elle soit prête pour les extensions futures. Pour résoudre ces problèmes, il faut définir des priorités stratégiques, communiquer clairement avec les parties prenantes et établir une feuille de route à long terme pour la modernisation. Cet événement se déroulera entièrement en français.
Read MoreHow Atlassian Enforces Best Practices in Its Cloud Infrastructure
How Atlassian Enforces Best Practices in Its Cloud Infrastructure
INTRODUCTION
This is an updated version of an October 2019 post from the ATLASSIAN Community – How Atlassian enforces Best Practices in its Cloud Infrastructure. Link to original blog post.
The majority of Atlassian’s business runs on Amazon Web Services (AWS). Due to the large scale of our infrastructure, we allow for teams to manage their own changes without a centralised review. Atlassian operates on a “trust, but verify” model: We promote a set of best practices and guidelines for teams to follow and we then check that these best practices are being implemented. Where the target is missed, we help the team readjust.
The most widely known example are S3 buckets that are publicly available and can be accessed by anyone. Countless companies have been caught off guard by accidentally putting confidential information in public buckets. It has prompted Amazon to offer additional safeguards in the form of bucket-level overrides to deny any sort of public object, acknowledging the severity of this problem.
At Atlassian, we have added a new tool to our vulnerability management belt so we can assist teams in following the best practices we have established: Trend Micro Cloud One™ – Conformity which specialises in continuously scanning the configuration of cloud infrastructure.
While they offer support for multiple cloud providers as well as checks for all five pillars of the well-architected framework, we use the tool for its “Security” checks for AWS.
ADOPTION
Nearly all of our AWS accounts are being scanned on an hourly basis and the results are reported to the security team. To enable our developers to move fast and remove security as a gatekeeper we didn’t stop there, though. Instead, we integrated Cloud One - Conformity with our vulnerability pipeline which files Jira tickets for any findings we discover through these scans. Our developers live and breathe Jira day in, day out, so surfacing this information here is much more natural for them than having to look for these findings in some third party tool or needing security as an intermediary.
Anyone who has ever tried to deploy a security scanner inside an organisation knows that they are never set-and-forget. Instead, they require fine-tuning to ensure they only produce meaningful results. Every enterprise environment is different and particularly at scale, edge cases exist that scanners would not anticipate. For example, our internal PaaS enforces a set of best practices that have been developed in collaboration with the security team. Some of the configurations that come out of this are secure in this context, but the scanner will still report on them because they generally wouldn’t be. As a result, we spent some time refining the set of rules we care about.
In our first iteration, we decided to focus on our highest severity AWS accounts. These accounts hold our customers' data or manage our infrastructure, for example our CI/CD. In addition, we narrowed down the initial set of rules to those we consider high severity. We then spent some time working closely with those teams that own these important AWS accounts to ensure all findings provide a meaningful security benefit. Based on this feedback, we adjusted the configuration of our rules to fit right into our organisation. Only for this subset of accounts & rules are we creating Jira tickets, as we have verified the quality of these findings.
The next iteration has already started and is expanding out the scope of accounts having Jira tickets created as well as including more rules that are being reviewed. Eventually, all our AWS accounts will be under our security SLA and every check will have been reviewed and configured to the specifics of our environment.
We also continue working closely with the Conformity team, who are responsive to our feedback and quickly fix any bugs we discover in their product. They are great at including our feature requests in their roadmap and always keep us informed on when work is starting on anything we care about. This way, we keep increasing the value their service provides to us which directly translates into an ever increasing security posture.
When the security researcher “benmap” presented at DEF CON 27 recently, the community learned just how vulnerable public EBS volumes can leave a company, reminding everyone that not just S3 buckets can be made public and contain sensitive information. Naturally, we investigated our own environment for such public volumes. Since Conformity was already actively scanning all of our accounts, we were able to perform a fast investigation that gave a complete picture of all public volumes and we could quickly confirm that none of them contained any sensitive information. In addition, we will be alerted to any future volumes that are being made public and can ensure we are not exposing any sensitive information through them.
As a helpful side-effect these scans provide a forcing function for teams to go into their own environments and clean up any stale resources left over from development experiments. Atlassian enables our developers to iterate quickly, try out new features and innovate on our services. As a security team, we are responsible for making sure that these experiments happen within a suitable environment and in a way that don’t put customer data at risk. Part of this responsibility is making sure that unused resources are being cleaned up and Conformity helps us achieve this. We notify developers about resources with insecure configurations and sometimes developers realise they do not need those resources anymore and delete them.
With a tool like Trend Micro Cloud One - Conformity in our arsenal, we now have ongoing assurance that our cloud infrastructure is in a good and secure state.
We go beyond just vulnerabilities and use it to actually enforce best practices, which ensures our cloud security posture is best of breed.
88 Views 1 Likes Read More
Embark on a culinary journey through the ever-evolving world of digital leadership with our third edition of the CIONET Cookbook: Recipes for Digital Success. Unveiling the intricate trilemma faced by today’s Master Chefs, our trailblazing European CIOs address a challenge at the nexus of customer interests, digital transformation strategies, and IT modernisation. Their secret? Synchronising the gearing between customer, business, and technology to create a frictionless movement through the digital landscape.
The CIONET Cookbook uses the analogy of a five-star restaurant to explain the importance of optimally integrated technology, with the CIO as Master Chef. In order to provide the best service to its customers, a top restaurant must have the right atmosphere, an inviting menu, a well-equipped kitchen, talented and committed front-of-house and kitchen staff and smooth-running processes that ensure an enjoyable experience for diners.
Geopolitical tensions have dominated the headlines for over two years now. In this context, the cyber threat landscape is also evolving rapidly. The protection and security of critical infrastructure – both physical and digital – is becoming increasingly important.
In our new app, our members connect with other digital leaders from around the world to find better solutions to their challenges.
Connect with digital leaders like you
Share ideas, best practices, and new resources
Experience inspiring and thought-provoking content and conversations you can’t find anywhere else
Make better, more well-informed decisions about the topics that are most important to you
Head of IT Germany and Regional Office Lead Munich, Microsoft
IT Director, IT Thinker
Vice president IT & Compliance, VisionaryRCM (A Carlyle Grp Company)
CIONET’s mission is to help IT executives become more at ease and above all more successful in their jobs. So they can do more than just keep up with change but ultimately define it. CIONET opens up a whole new universe of opportunities in IT management.
With the largest membership of corporate digital leaders across Europe, Latin America, US and Australia, CIONET has the expertise and pioneering vision to solve or address any IT management challenge.
From our local and global events, from our publications and research to our executive education programmes, everything we do is aimed at making sure digital leaders maximise their potential.
with digital leaders who share your interests, who face the same challenges, who care about the same topics.
stories, experiences, and ideas around our shared mission.
from our exclusive events, publications and research.
inspiration, thought-provoking conversations, expert perspectives and exclusive first-hand content each and every day
and make better, more well-informed decisions on how to lead your digital business.
your potential. Realise your ambitions.
You can either send us a registered handwritten letter explaining why you'd like to become a member or you can simply talk to us right here!
Would you like to know more about CIONET, membership or partnership opportunities? Do you have feedback or any other question? Send us a message!