2011 — 2018 · PhD
Applied Economics
Maturing Business Information Security — performance management & enterprise engineering
University of Antwerp · BE
N° 06 · THE SHERPA · Portrait 52°05′N · 04°17′E — The Hague
Prof. Dr.Yuri Bobbert.
Professor · Author · Global CSO · Executive coach to CISOs and digital leaders. Dual PhD in Applied Economics (University of Antwerp, 2018) and Information Systems Science (Radboud, 2018). Stanford graduate in Innovative Technology Leadership (2022). 26+ years of management experience across technology, education, financial services, government and professional services — 10 books, 100+ peer-reviewed papers, and more than 300 organisations advised.
- Titles
- Prof. · Dr.
- Practice since
- 2004
- Languages
- EN · NL
- Seat
- The Hague · NL
- Reach
- Four continents
- Fields
- Cyber · AI · Governance
Chapter I · The Portrait
A career written at altitude —
A career written at altitude —
by a professor who never left the field.
YB · 2026 Antwerp · The Hague § 01 · The approach
Yuri Bobbert is a Dutch entrepreneur in technology, an author, and a professor, known for his work in digital leadership and information security. He has founded companies including Meetingwizard (Group Support Systems SaaS, co-founded 2009), SecuriMeter (RegTech, acquired by DPA Group in 2014), and B-ABLE (Business Information Security consulting, acquired by DPA Group in 2014). He has held Global Group Chief Security Officer roles at NN Group and UWV, and today serves as Global CSO of ON2IT, Academic Director at Antwerp Management School and Professor at the University of Antwerp.
Over the years he has coached hundreds of professionals — from emerging leaders to senior executives — bridging academic rigour with real-world execution. Ysherpa is the private executive practice through which he now gathers 26+ years of that work into a single pursuit: guiding newly-appointed executives through the terrain they have been asked to lead.
A teacher who never stopped doing.
Across more than two hundred moderated board-level sessions, three hundred keynote engagements, one hundred-plus Master's theses supervised, and advisory relationships with over three hundred organisations, a single habit has held: to arrive in the room already briefed, to listen for longer than is comfortable, and to leave the client better oriented than they were when the conversation began.
§
On method. Ysherpa is not a training programme, a coaching franchise, or a retainer for advice-on-tap. It is a bespoke engagement — short where that is enough, long where the mountain demands it.
- Full name
- Prof. Dr. Yuri Bobbert
- Born
- Netherlands, 1973
- Based in
- The Hague · NL
- Works globally
- EU · US · MEA · APAC
- Working languages
- English · Nederlands
- Availability
- Selective · By introduction
My motto: AI = Appreciative Inquiry. A strengths-based, positive approach to organisational change — focused on discovering what already works, amplifying success, and building an energising path forward.— Y. Bobbert · Opening Minds to Impact the World
Today's cyber security leaders can't limit themselves to the role of enforcer. First and foremost, they need to focus on building a resilient organisational structure and culture.— Y. Bobbert · Cyber Security Coalition interview
Chapter II · Roles & seats
A path written in positions held —
A path written in positions held —
not titles pursued.
Present
Founder & Principal · Ysherpa executive practice
Ysherpa
The Hague · NL
Oct 2019 — present
Global Chief Security Officer · Zero Trust as a Service · US financial industry · ME & APAC (2025)
ON2IT Cybersecurity
Plano · TX · US
Feb 2013 — present
Academic Director & Professor · Business IT Management · Executive Master in Cybersecurity & Risk Management · Executive Master in Audit & Assurance
Antwerp Management School
Antwerp · BE
Mar 2014 — present
Professor · Faculty of Business and Economics
University of Antwerp
Antwerp · BE
Visiting
Lecturer · Cyber Security Academy
Leiden University · TU Delft
Leiden / Delft · NL
Nov 2009 — present
Co-founder · Owner · Group Support Systems SaaS · Eduwizard for schools
Meetingwizard
Capelle aan den IJssel · NL
Feb 2010 — present
Book author · ten research & management books across four publishers
Several publishers
—
Jan 2012 — present
Volunteer · ISACA Journal contributor · Researcher of the Year finalist (2023, 2024)
ISACA
United States
Mar 2016 — Sep 2019
Global Head of Information Security, Risk & Compliance · Delta Lloyd integration · LockChain platform
NN Group · AEX-listed
The Hague · NL
Apr 2014 — Mar 2016
Head of Digital Security (ad-interim CISO) · Dutch government employment agency
UWV
Amsterdam · NL
2013 — present
Associate Professor
NOVI University of Applied Sciences
Utrecht · NL
2012 — present
Chair · Bachelor IT supervisory board
LOI University of Applied Sciences
NL
2011
Visiting PhD researcher · ITAG Research Institute
Antwerp Management School
Antwerp · BE
Nov 2010 — Oct 2014
CTO · Founder · SecuriMeter compliance dashboard for CxO · acquired by DPA Group, Oct 2014
SecuriMeter Technology (RegTech)
Utrecht · NL
Apr 2004 — Mar 2014
CEO · Founder · Business Information Security, Risk & Compliance consulting · acquired by DPA Group, Jun 2014
B-ABLE
Utrecht · NL
Apr 2001 — Apr 2004
Global Business Development
2source4
Utrecht · NL
Jul 1996 — Apr 2001
Team manager · Sales & business development
Technology Delivery Services
Utrecht · NL
Chapter III · Education
Read, researched, and returned to teach.
2015 — 2018 · PhD
Information Systems Science
Digital Security Institute · joint doctorate with Antwerp
Radboud University · Nijmegen · NL
Jul 2022
Innovative Technology Leader
Graduate School of Business — executive programme
Stanford University · California · US
2011 — 2013 · MSc
Business Research Methods
Master's degree
Maastricht University · NL
2013 — 2014 · Post-Master
Case Study Research
Rijksuniversiteit Groningen
University of Groningen · NL
Studies
Computer Science
Utrecht University · NL
Chapter III.b · Professional certifications
Formal credentials — verifiable, renewed, and in current use.
AAIA™
Advanced in AI Audit
Specialist credential for auditing enterprise AI systems — risk, governance, controls.
ISACA®
CISA
Certified Information Systems Auditor
Long-standing global standard for IT audit, control and assurance professionals.
ISACA
CISM
Certified Information Security Manager
Enterprise-grade credential for information-security governance and management.
ISACA
SABSA F.
SABSA Certified Foundation
Business-driven security architecture — the SABSA method for risk-aligned security design.
SABSA Institute
Chapter IV · Teaching
Executive programmes designed, built, and still taught.
2018 · Designed
Executive Master in Cybersecurity & Risk Management
A graduate programme for senior executives navigating enterprise security, governance and digital risk — architected from first principles by Yuri and still delivered at Antwerp Management School.
Antwerp Management School · Ongoing
2025 · Designed
Executive Master in Audit & Assurance
Designed for the next generation of audit & assurance leaders — combining IT audit, governance, and regulatory craft with the executive posture required to sign for it.
Antwerp Management School · Ongoing
Since 2016
100+ Master's theses supervised
Graduate research directed at the intersection of information security, governance, digital transformation and AI — producing the next generation of practitioner-academics.
Antwerp Management School · NOVI · LOI
Ongoing
Zero Trust as a Service — ZTAAS
Co-developed at ON2IT: a model to measure and monitor Zero Trust implementations at enterprise scale. Serving US community banking, FinTech, M&A and regulated industries — expanding through the Middle East and Asia in 2025.
ON2IT · US · ME · APAC
Chapter V · In print
The work, in hardback.
- 2025 Implementing DORA in FinTech — From regulatory requirements to technology
- 2024 Digital Security Leadership
- 2023 Exploring Skills and Capabilities for Digital Value Creation
- 2022 25 Years of Group Support Systems — From Fata Morgana to Silver Bullet
- 2021 Strategic Approaches to Digital Platform Security Assurance
- 2020 Leading in Digital Security — Twelve Ways to Combat the Silent Enemy
- — CISO Handbook
- 2018 Improving the Maturity of Business Information Security
- 2018 Critical Success Factors for effective Business Information Security
- 2018 Cybersecurity in 60 Minuten
- 2014 Hoe veilig is mijn "aandeel"? — Het borgen van vertrouwen, reputatie & continuïteit met MBIS
- 2010 Maturing Business Information Security
Chapter V.b · Selected publications
Peer-reviewed papers & articles.
More than 100 publications across Springer, IEEE, ISACA Journal, AMS, FAIR Institute, AG Connect, Platform van Informatiebeveiliging, Financieel Dagblad and other peer-reviewed venues, from 2008 to 2026. The full bibliography lives on Yuri's Academia.edu profile. Selected highlights below.
2026
- Apr 2026 The Value of the Cyberrisk Agent in M&A
- Apr 2026 Decisions on Cybersecurity Investments — A Pyramid Approach to Return on Security Investments (ROSI)
- Jan 2026 Zero Trust in Agile Development — Results of an Agile Software Assurance Benchmark Related to Zero Trust
- Jan 2026 From Gut Feel to Gains — The Cybersecurity ROI Pyramid
- 2026 Zero Trust That Works — Measured, Assured, and Governed for 2026
- 2026 What Boards Are Asking — The CIO, CFO & CISO Response for 2026: The 7 Shifts That Will Define the Future of Leadership in Tech & Finance
2025
- Dec 2025 The Future of Cyber Insurance — From Reactive Reimbursement to Risk-Based Resilience
- Oct 2025 From Gut Feel to Gains — The Cybersecurity ROI Pyramid
- Sep 2025 On Improving the Adoption of Cyber Risk Quantification
- Jul 2025 BOOK — Implementing DORA in FinTech: From regulatory requirements to technology
- May 2025 The Knowing-Doing Gap in Digital Security — Three Takeaways to Close the Gap
- Feb 2025 Flipping the Classroom — How Group Support Systems Revolutionize Teaching and Learning
- Jan 2025 Hoofdstuk 10 in boek: Digitale Transformatie bij een zorginstelling — Aan de slag met kennis en leiderschap
- 2025 The Value of Diversity and Inclusion in Cybersecurity
- 2025 How Zero Trust Reduces Cyber Risks and Lowers Cyber Insurance Premiums
- 2025 Performance Management in Information Security
- 2025 Data-driven learning and evaluation — a new approach to education and research
2024
- Sep 2024 How Companies Can Deal with the Increase of EU Tech Regulations
- Sep 2024 NIS2 — Wat moet ik ermee?
- Jul 2024 Overcoming the Fear of Missing Out on Data — On Exploring Practices to Become and Remain Data-Fit through Empirical Research
- Jul 2024 Tech Regulations — How to Relieve the Burden of Supervisory Bodies and Reduce Risk for Investors
- Jul 2024 De toekomst van Governance, Risk en Compliance
- Jul 2024 BOOK — Digital Security Leadership
- Feb 2024 How to Gain More "Bang for the Buck" — Quantifying Risk with Random Simulations
- Jan 2024 The Nuts and Bolts of Achieving Security Compliance in Financial Services
- 2024 On a Zero Trust Architecture Approach, Repository & Management Model for Compliance with Industry Frameworks and Regulations
- 2024 How the Concept of "Test Once Comply Many" Helps Organisations Comply
2023
- Dec 2023 An Exploration of AI Risk & Collaborative Assessment Methodology
- Dec 2023 How to Deal with "Digital Assurance"
- Dec 2023 The Compensation Trap — Why Less Cybersecurity Staff is More
- Dec 2023 Tech Regulations — How to Relieve the Burden of Supervisory Bodies and Reduce Risk for Investors
- Nov 2023 How Zero Trust as a Service (ZTaaS) Reduces the Cost of a Breach — A Conceptual Approach
- Feb 2023 BOOK — Exploring Skills and Capabilities for Digital Value Creation
- 2023 Collaboration Engineering with Group Support Systems
2022
- Dec 2022 Five Things Digital Security Leaders Can Learn from Elon Musk's Twitter Takeover
- Dec 2022 Influential Trends for Emerging Roles in Digital Security — 2023 and Beyond
- Aug 2022 Conference Paper — Zero Trust Validation: from Practical Approaches to Theory
- May 2022 Conference Paper — Perspectives from 50+ Years' Practical Zero Trust Experience and Learnings on Buyer Expectations and Industry Promises
- Mar 2022 BOOK — 25 Years of Group Support Systems: From Fata Morgana to Silver Bullet
- Jan 2022 Conference Paper — Leveraging Zero Trust Security Strategy to Facilitate Compliance to Data Protection Regulations
- Jan 2022 Conference Paper — On the Empirical Validation of a Zero Trust Security Framework via Group Support System Research
- Jan 2022 Conference Paper — How Zero Trust as a Service (ZTaaS) Reduces the Cost of a Breach
- Jan 2022 Article — Digital Security Requires a Complete Leader
- 2022 Cut Compliance Bureaucracy with "Test Once, Comply Many" & "Tech Assurance Statements"
2021
- Apr 2021 BOOK — Strategic Approaches to Digital Platform Security Assurance
- Mar 2021 Conference Paper — On the Design and Engineering of a Zero Trust Security Artefact
- Mar 2021 Article — 25 Years of Meetings, From Fata Morgana to "Silver Bullet"
- 2021 Problems of CI/CD and DevOps on Security Compliance
- 2021 Findings and Core Practices in the Domain of CI/CD and DevOps on Security Compliance
2020
- Aug 2020 BOOK — Leading in Digital Security: Twelve Ways to Combat the Silent Enemy
- Mar 2020 Conference Paper — LockChain Technology as One Source of Truth for Cyber, Information Security & Privacy
- Mar 2020 Journal Paper — Zero Trust Validation: From Practical Approaches to Theory
- 2020 Organizing Viable Information Security Governance and Management
2019
- Dec 2019 Journal Paper — Cybersecurity Readiness: An Empirical Study of Effective Cybersecurity Practices for Industrial Control Systems
- Nov 2019 Biggest Bang for the Security Buck — What Kind of Conversations Do Cybersecurity Vendors Need to Have with the CISOs of Large Organizations?
- Jan 2019 Conference Paper — Enterprise Engineering in Business Information Security: A case study & expert validation in Security, Risk and Compliance artefact engineering
2018
- Nov 2018 Security als vaccinatie
- Nov 2018 Vergadersoftware kan beveiliging verbeteren
- Aug 2018 BOOK — Cybersecurity in 60 Minutes
- Aug 2018 BOOK — Critical Success Factors for Effective Business Information Security
- Jul 2018 BOOK — Improving the Maturity of Business Information Security: On the Design and Engineering of a Business Information Security Artefact
- Apr 2018 Enterprise Engineering in Business Information Security — "A Case Study in Security, Risk and Compliance Artefact Engineering"
2017
- Dec 2017 Cyber Security Insurance — A Study on Establishing an Artefact to Discover, Identify, Mitigate Cyberrisks and to Examine the Economic Evaluation of Underwriting Premiums
- Jul 2017 On Exploring Research Methods for Business Information Security Alignment and Artefact Engineering
- Jun 2017 The State of the Art of Business Information Security Artefact Engineering — Using Design Science Research for Artefact Engineering
- Apr 2017 Exploring Research Methods for the Design and Engineering of a Business Information Security Artefact
- Mar 2017 Jonge Jongens (interview)
- May 2017 Never Waste a Good Incident — An Explorative Study into Critical Success Factors for the Improvement of Business Information Security
- 2017 Cyber Security: Fact and Fiction
2016
- Nov 2016 Boardroom Dynamics — Group Support for the Board's Involvement in a Smart Security Decision-Making Process
- Oct 2016 Why Do IT Governance and Information Security Governance Practices Fail?
- Oct 2016 Cybersecurity within NN Group — The Role of the CISO
- May 2016 The "Seven Habits of Highly Effective CISOs"
- May 2016 CISO Special
- May 2016 Vergaderen om te besluiten — Het gebruik van een Group Support System in Informatiebeveiliging
- May 2016 Competentie management op basis van learning analytics
2015
- Dec 2015 Governance Practices and Critical Success Factors Suitable for Business Information Security
- Aug 2015 Cybersecurity in de bestuurskamer
- May 2015 De CISO van de toekomst
- May 2015 Book review — Hoe veilig is mijn "aandeel"?
- Mar 2015 Cybersecurity in de boardroom — Wat beweegt bestuur en commissarissen?
- Mar 2015 De Chief Information Security Officer van morgen — op zoek naar een duizendpoot
- Feb 2015 Porters' Elements for a Business Information Security Strategy
- Feb 2015 Governance Practices and Critical Success Factors Suitable for Business Information Security — A Literature and Security Expert Validation
2014
- Nov 2014 It's Time to Get Our Hand Out of the Sand
- Nov 2014 BOOK — Hoe veilig is mijn "aandeel"?
- Nov 2014 Van straffen naar belonen
- Apr 2014 Schoenmaker blijf bij je leest
- Mar 2014 De discutabele rol van de accountant
2013
- Sep 2013 Veiligheid als concurrentievoordeel
- Jan 2013 Group Support Systems Research in the Field of Business Information Security — A Practitioner's View
2012
- Dec 2012 Kroonjuwelen slecht beveiligd
- Sep 2012 Goed huisvaderschap in strijd tegen cybercrime
- Aug 2012 Sterke concurrentiekracht met gedegen IT risk management
- Jun 2012 Business Strategy and Applications in Enterprise IT Governance (chapter 14) — A Research Journey into Maturing the Business Information Security of Mid-Market Organizations
- Mar 2012 Preventieve aanpak tegen cybercriminaliteit
- 2012 Er is niets zo praktisch als een goede theorie
2008 — 2010 · Foundational work
- Oct 2010 A Research Journey into Maturing Business Information Security
- Jul 2010 BOOK — Maturing Business Information Security: A framework to establish the desired state of security maturity
- Oct 2009 Use of Demo as a Methodology for Business and Security Alignment
- Jul 2008 Verantwoordelijkheid voor virtualisatie en beveiliging
Chapter VI · Recognition
A shelf of laurels — carried lightly.
2025
ISACA Inspirational Leadership Award
For sustained contribution to digital-security leadership.
2023 · 2024
Belgium Cybersecurity Awards — finalist
Nominated two consecutive years in the category Researcher of the Year.
2018
Top 100 CISOs globally
Named by the Cybersecurity Leadership Alliance.
—
Top 50 CISOs · Netherlands
Recognised by IT Magazine.