Eddy Willems – Security Evangelist

Cybersecurity Expert, Author & Keynote Speaker

I was born in 1962, married to Nadine, and we have a son, Frank. I studied Computer Sciences at IHB and VUB Brussels, starting my career as a Systems Analyst in 1984.

A Pioneer in Cybersecurity

My journey into cybersecurity began in 1989 when I became one of the first in the world to solve the infamous ‘AIDS Information’ diskette Trojan case—widely recognized as the first ransomware. TV reports and newspaper articles at the time document my role in this groundbreaking case. From then on, I dedicated my career to studying computer viruses and cybersecurity.

In 1991, I co-founded EICAR (European Institute for Computer Anti-Virus Research), one of the world’s oldest security organizations, where I later served as Director of Security Industry Relationships and Board Member.

I also contributed the original “Virus Article” to the Microsoft Encarta Encyclopedia (1997 edition onwards).

In May 2000 I was part of Belgium’s first CERT-like initiative technically driving the first early warning security system in the world by using RDS-radio.

Since 1995, I have been an active reporter for Belgium and Luxembourg in Joe Wells’ WildList (now the ThreatList, owned by AMTSO). In 2023, I joined its Advisory Board.

Over the years, I have built one of the most comprehensive reference libraries on computer security, covering software, books, and virtually everything ever published in the field.

International Leadership Roles

I have held leadership and advisory positions across several international cybersecurity organizations, including:

EICAR (European Institute for Computer Anti Virus Research) – Co-founder since 1991, Director of Press & Information (2000), later Director of Security Industry Relationships.

AMTSO (Anti Malware Testing Standards Organization) – Member since 2010, Board Member 2012–2019.

LSEC (Leaders in Security) – Board Member since 2014.

AVAR (Association of Anti Virus Asia Researchers) – Board Member 2019–2024.

CSA (Clean Software Alliance) – Chief Operating Officer Software since 2024.

I remain the only Belgian who has ever served on the boards of three international cybersecurity organizations at the same time.

Career in the Security Industry

I worked as Malware Researcher and Security Technology Expert with NOXS (a Westcon-Comstor company) representing McAfee, TrendMicro and Symantec, and later as Security Evangelist for Kaspersky. From 2010 until late 2024, I served as Security Evangelist and Global Security Officer at G DATA CyberDefense. Since November 2024, I have continued my mission independently as Security Evangelist at WAVCi (Willems Awareness, Vulnerability and Cybersecurity Insights), my own company. My work today spans research, consultancy, public and keynote speaking, training, media engagement, and high-level advisory.

Keynote Speaker & Media Expert

Since 1996, I have been a highly sought-after public speaker on cybersecurity and malware. I have spoken at major conferences worldwide including Virus Bulletin, EICAR, AVAR, InfoSecurity, CeBIT, RISE, FIRST, and Underground Economy, as well as delivered the widely praised TEDx talk “A Tale of Two Floppies.”

I have given lectures and keynotes in 40 countries across 5 continents, addressing audiences ranging from school children to seasoned experts. Organizations can book me for inspiring, thought-provoking keynotes or lectures through major speaker agencies, including Read-My-Lips, Speakersbase, A-Speakers, All American Speakers, Speaking.com, and the London Speaker Bureau.

As a recognized media commentator, I am regularly interviewed by international outlets such as CNN, Al Jazeera, TRT World, and many others. Since 1989, I am one of the most frequently quoted cybersecurity experts worldwide from Belgium.

Publications & Thought Leadership

Cybergevaar (Lannoo, 2013) – Dutch edition
Cybergefahr (Springer, 2015) – German translation
Cyberdanger (Springer, 2019) – updated and expanded English edition
Het Virus (Lannoo, 2020) – co-authored SF cyberthriller with Alain Dierckx
The Virus (Lannoo, 2025) – English edition released globally

In addition, I frequently write articles, blogs, and whitepapers for international publications.

Some examples:

– The original article on computer viruses in the Microsoft Encarta Encyclopedia (US Edition, 1997-2009, no longer available online).
– Willems, Eddy (June 2003). “The Winds Of Change – Updates To The EICAR Test File (Article)”. Virus Bulletin.
– “Teach your children well (Paper)”. Virus Bulletin Conference 2005. (Co-authored by David Harley, Eddy Willems and Judith Harley.)
– “Attacks from the Inside (Paper)”. Virus bulletin Conference 2010. (Co-authored by Eddy Willems and Righard Zwienenberg.)
– “Test Files and Product Evaluation: the Case for and against Malware Simulation (Paper)”. AVAR Conference 2010. (Co-authored by David Harley, Eddy Willems and Lysa Myers.)
– “Oops! It happened again. (Paper)”. Virus Bulletin Conference 2019. (Co-authored by Eddy Willems and Righard Zwienenberg.)
– “Fool Us!”, or is it “Us Fools!”? … 11 “Fools” years later…(Paper)”. Virus Bulletin Conference 2021. (Co-authored by Eddy Willems and Righard Zwienenberg.)
– And much more …

Special Contributions & Legacy

I am the only person in the world still in possession of the last remaining physical copy of the first ransomware (AIDS Info rmation Trojan, 1989). I was one of the first to develop a solution for it.

In May 2000 I was the only cyber expert from the private sector inside the Belgium’s first CERT-like initiative where we created the first early warning security system in the world by using RDS-radio.

In August 1995 I launched the first independent cybersecurity website www.wavci.com in the world, which later evolved into www.anti-malware.info. Today, www.wavci.com redirects to my official site.

There are many more contributions and achievements that I can’t mention due to NDAs and other regulations.

Awards & Recognitions

2025 – Best Speaker Award

AVAR 2025 Conference – Kuala Lumpur, Malaysia
Talk: “SESE, Social Engineering Second Edition”
(duo presentation with Righard Zwienenberg)
Issued by: AVAR · Associated with: WAVCi

2025 – Finalist Belgium’s Cyber Security Personality of the Year 2025

Belgian Cyber Security Coalition Award Ceremony – Tervuren, Belgium
Nominated for my lifelong commitment to advancing cybersecurity and protecting users worldwide!
Issued by: Belgian Cyber Security Coalition · Associated with: WAVCi

2025 – Hall of Honors AVAR Award

AVAR 2025 Conference – Kuala Lumpur, Malaysia
Awarded for my longtime involvement at AVAR and my 3 decades of dedication in the security industry.
Issued by: AVAR · Associated with: WAVCi

2024 – Best Speaker Award

AV-Comparatives Security Conference & Award Ceremony – Innsbruck, Austria
Talk: “Let’s Chat about Gross Public Text Generation” (duo presentation with Righard Zwienenberg)
Issued by: AV-Comparatives · Associated with: WAVCi

2023 – Best Speaker Award

AV-Comparatives Conference Days & Award Ceremony – Hall in Tirol, Austria
Talk: “You Ain’t Seen Nothing Yet!” (duo presentation with Righard Zwienenberg)
Issued by: AV-Comparatives · Associated with: WAVCi

2022 – Contributor of the Year

AMTSO RTTL Contributor of the Year 2020–2021
Recognized for highly valued and continuous contributions to the Real Time Threat List (RTTL – Malware)
Issued by: AMTSO · Associated with: G DATA CyberDefense

2021 – Best Member Award

AVAR 2021 Virtual Conference – Asia
Awarded for active global work in cybersecurity
Issued by: AVAR · Associated with: G DATA CyberDefense

2020 – Best Speaker Award

AVAR 2020 Virtual Conference – Asia
Talk: “Covid-19 and Cybersecurity: Side Effects or Business as Usual?”
(duo presentation with Righard Zwienenberg)
Issued by: AVAR · Associated with: G DATA CyberDefense

2018 – Best Speaker Award

AVAR 2018 Conference – Goa, India
Talk: “Oops, It Happened Again!”
(duo presentation with Righard Zwienenberg)
Issued by: AVAR · Associated with: G DATA CyberDefense

2010 – Numerous Awards

Over the past three decades, I have received a variety of honors and awards both inside and outside the cybersecurity industry.
The list above highlights the most recent recognitions.

Languages & Contact

I speak Dutch, English, French, and some German. For email correspondence, I reply in Dutch or English. A full bio and press pictures are available on request.

Looking for an inspiring keynote speaker or lecturer?

With decades of frontline experience, global recognition, and a proven talent for making complex topics engaging, I bring stories, insights, and foresight that resonate with business leaders, governments, and the general public alike.

How to contact me

If you have media related questions about a security topic or if you want to book me for a keynote or a lecture, you may contact me!

Press people, researchers and journalists may contact me directly on my phone +32 475 83 29 71 or by direct message via my social media channels X(Twitter) or LinkedIn and also via WhatsApp, Signal or Telegram. I am available 24×7!

For interviews and other media related questions please contact me via the email-address ‘press (at) wavci (dot) com’ .

If you want to book me for a keynote or a lecture please contact me via the email-address ‘info (at) wavci (dot) com’ .

Don’t forget of course to replace ‘at’ with @ and ‘dot’ with . to create a normal email address: this is done for anti-spam purposes.

You can download here some hi-res press pictures (14 Mb – you can ‘rightclick’ and download the archive) and use them for your publications. More pictures are available on request.

This site is and will remain always completely independent!

Inspiring with passion and storytelling

BIO’s of Eddy on other websites

Wikipedia English
Wikipedia Nederlands
Wikipedia Chinese
Wikipedia Japanese
Wikipedia Arabic
LinkedIn : Via the LinkedIn site
EICAR Board Members : Via the EICAR site
LSEC Board Members: Via the LSEC site
AVAR Honored Board Member: Via the AVAR site
Belgian Cyber Security Personality Finalist: Via the Belgian Cyber Security Coalition site
ReadMyLips: Via the Speakers Office Read My Lips (Belgium)
Speakersbase: Via the Speakers Office Speakersbase (Belgium)
AAE Speakers: Via the Speakers Office AAE Speakers (US)
Speaking.com: Via the Speakers Office Speaking.com (US)
A-Speakers: Via the Speakers Office A-Speakers (Denmark, Worldwide)
London Speaker Bureau: Via the Speakers Office London Speaker Bureau (London, UK, Worldwide)
I’ve been one of the Anti-Malware Experts of Kaspersky Lab : Via the saved webpage (Analyst page – removed March 2010 – you can ‘rightclick’ and download the document)
Who is who on the WildList? : Via the WildList – not available anymore: moved now to the ThreatList page.
www.anti-malware.info (the original www.wavci.com): My first and original homepage since 1995 (no https and not recently updated anymore).

Willems’ Laws

I always try to explain the real basic cyber security related problems in layman’s terms. This is what I did since the beginning of the nineties when I described several malware related issues to the public during radio and TV interviews. Around 2000 it became clear to me that always humans are involved in every security related problem so I came up with 2 descriptions, later called Willems’ Laws, which I wrote down in my books ‘Cyberdanger’ and ‘The Virus’ and highlighted during my keynotes (including my TEDx talk: A Tale of Two Floppies, the basics of cybersecurity) and interviews.

Willems’ First Law

The more popular a platform (system/device/media) is, the more targeted it will be.

Willems’ Second Law (the most important)

This formula asserts:

CSP = TF × MF

CSP = Cyber‑Security Problem

TF = Technological Factor (e.g. malware, vulnerabilities, exploits)

MF = Human Factor (e.g. naivety, curiosity, social engineering)

In other words, almost any cybersecurity issue is a direct result of a combination of technological and human factors. Most malware would not stand a chance without naivety, curiosity, or other human weaknesses. In other words: a cybersecurity issue only arises when both technology and human weaknesses intersect.

www.eddywillems.be

WAVCi.com - Cyber Security Expert Eddy Willems

About me