Governing Body Spotlight

Member of the Benelux CISO Community

Thomas Colyn

Chief Information Security Officer

De Persgroep

Give us a brief overview of the path that led to your current role.

As CISO, I'm part of the central IT organisation of DPG Media in Belgium and The Netherlands, with a mandate over the five IT departments within the DPG Media Group. 

I started my professional career at the Belgian Department of Defense. After intense officers’ training and a specialization in Communication and Information Systems, I started my career as a young Platoon Commander in 2008. During my 13-year active career, I participated in several foreign operations as Head of IT. In 2016, I was assigned to the General Staff to take up the function of Information Security Officer. In this role, I was responsible for the development and accreditation of the Defense Classified Systems. 

In March 2020, I joined DPG Media. DPG Media is a media company active in Belgium, The Netherlands, and Denmark, across different media branches such as radio, television, news media, magazines, and online services. DPG Media allowed me to build cyber security capacity based on a solid cyber security governance framework. Since July 2021, I have also been active as an Army Reserve Officer to provide strategic IT governance advice.  

Learn more about leaders in the Benelux CISO community here.

What is one of your guiding leadership principles?

A cyber security governance model must respect the company IT culture, not change it altogether. It should be translated into an actionable, strategic roadmap to add a layered security model. 

With disruption being a key theme of the past few years, where do you see your role as a CISO going in the next 1-2 years?

I think the partnership between the CISO and the 'Business' will intensify. Due to the more aggressive criminal cyber landscape, the importance of cyber and operational resilience will grow exponentially. Besides preventing and stopping a cyber-attack, getting on your feet as quickly as possible will become hyper important. The business strategic risk acceptance will be part of our CISO mindset.

What advice would you give to someone just starting out in the role as a CISO?

Respect the IT culture, and try not to break the established way of working. Nevertheless, you should build and maintain a security model layered on top of the company's IT culture. Try to integrate this model to become part of the IT culture, so it becomes adopted and accepted by the IT community. Use the IT risks, incidents, and industry standards to build that layered model.  

Tell us 3 fun facts about yourself.

  • I started working on the first day of the COVID-19 lockdown in Belgium. During my almost two years of working for DPG Media, I have never experienced a full office.

  • There is nothing better for decompression than taking my mountain bike for a ride in the forest.

  • If I had to choose between a 3-star Michelin restaurant or French fries with pickles, I know which one I would choose. 

What is the value of participating in a professional community through Evanta?

The most significant value of participating in the Evanta community is meeting and getting to know peers; CISOs from other companies all tackling the same problems. In the community, we are able to share insights and discuss these problems openly.



Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.


by CISOs, for CISOs

Join the conversation with peers in your local CISO community.