Maxim Deweerdt

Maxim is a SANS Certified Instructor proficient in teaching both SEC511: Continuous Monitoring and Security Operations and LDR551: Building and Leading Security Operation Centers. Currently part of the leadership team of the Managed Services branch at NVISO, a premier European cybersecurity company committed to safeguarding the foundations of European society from cyber attacks. With over a decade of in-depth experience in cyber defense, Max has garnered comprehensive insights spanning policy and frameworks, risk & compliance, and deep technical areas such as threat hunting, incident response, and SOC operations. As a trusted advisor, he has served numerous governments, large corporations, and businesses throughout the EMEA region.

More About Maxim


Max’s first 'real' contact with cybersecurity was an ISO27001 audit project he was assigned to, as part of finalizing his education at HoWest University College. It brought him in contact with all aspects of cybersecurity and he learned a lot. The project ended so well (the company passed the audit with flying colors) that they hired after graduating as a Cybersecurity Officer.

Max has been knee-deep in incident response for private and public sector, including responding to incidents that often make the news. Also, in his previous capacity as the technical team lead for Belgium's national CERT he was exposed to many interesting threat actors in Europe. His experience as Cyber Defense consultant in the Middle East also brought him in close contact with relevant threats. Throughout his career he has been working on Cyber Defense projects including building up SOCs and maturing them, Threat Hunting, Detection Strategies and Adversary Deception. Max believes his experience brings a lot of value to the table for SANS students.

Max is a strong believer that we need more and better cyber defenders - that's why he's so passionate about teaching cyber defense. “We are facing immense challenges in our present time and the future regarding the protection of our digital infrastructure. Extra attention to detection and response will help towards creating a safer environment.” Max says.

Max has been involved with Incident Response on major cases in various continents and has been running Threat Hunting/Compromise Assessments for many years in various small to large environments. He had the opportunity to help secure vital infrastructure from a technical and policy-maker perspective, which fueled his passion for cyber defense even more. Also, he has been a key resource to quickly and successfully respond to major incidents in multiple countries.

As a SANS Certified Instructor teaching SEC511: Continuous Monitoring and Security Operations, Max is able to accomplish a number of things – help fill the need for more and better cyber defenders, live out his passion for teaching and giving back to the community.

He’s a huge believer in making training as interactive as possible. Live Online or Live training - it doesn't matter, he consistently interacts with his students to immerse them into the content. Sharing his experiences in the form of stories, extra content and tools/techniques is also part of his teaching style!

Max Deweerdt is also a principal consultant at AlfaSec, the professional services company he founded in 2019. He has extensive experience with a range of Cyber Defense topics - from policy and frameworks, risk & compliance to deep technical expertise (e.g. threat hunting, incident response, SOC). Max is a trusted advisor to various governments, large corporations and businesses in the EMEA region.

Unlike the 'red teamers' or 'pentesters', Blue Teamers do not (yet) have fully automated tools for detection and response. We have to dig in and 'know' our environments in order to spot anomalies and kick adversaries out. During his teaches, he aims to instruct on a mindset of detection & rapid response using proven techniques and focus on the tools that deliver consistently.

Max holds a bachelor’s degree in computer science from HoWest University College in Belgium, which was one of the first academic institutions to provide an official cybersecurity curriculum in Belgium. Having spoken at SANS summits, RSA and private events, Max is a seasoned speaker and often invited to board meetings and company events. Max also holds several security certifications including GIAC GPEN, GMON, GCFA, GNFA, GICSP, and GCIH.

He loves to read: fiction and non-fiction and enjoys diving, swimming and binging shows. He also likes to spend his free time volunteering for not-for-profit projects like coding for kids and re-orientation programs for people who want to shift their career to cybersecurity.

Hear Maxim, with Michael Coene, talk about Threat Hunting:



"So many ducks, so little time", SANS Threat Hunting Summit 2017