Trusted Fintech Program

CyberSecurity Trust Label for Fintech startups and scale-ups

CyberSecurity Trust Label for Fintech startups and scale-ups


After completing this program, key persons of your company will have been immersed in the world of CyberSecurity (just enough, not too much), and equipped with insights and best practices needed to avoid a breach of customer data, intellectual property or trade secrets, and bottom line to protect reputation and brand of your company and the companies you partner with or work for.

The Program will offer you very tangible and immediately applicable tips, tools and techniques in order to improve your cybersecurity skills, processes and technologies. After successful completion of this Program your company will receive the “Trusted Fintech” label that you can use to show your commitment to better CyberSecurity.

Unique about this program is that it goes far beyond traditional classroom-based training by leveraging the B-Hive CyberSecurity community and incorporating our members’ insights and services into the program as well.

By joining this Program, we will have your website/application tested by ethical hackers, research the external attack surface of your business before somebody else does, have feedback on your incident response processes, get insights from a cybersecurity assessor at a large organization tasked with third-party vendor security, you will experience the stress of a cyber incident during a simulated data breach role-play game, etc.

On top, we believe that CyberSecurity isn’t a competitive advantage. If one Fintech get hacked and data is breached, overall trust in the Fintech ecosystem decreases. Combating cybercrime and safeguarding customer information is a shared responsibility, so during the program we will facilitate you to network with the CyberSecurity community and security experts of other Fintechs, so that you can establish long-lasting relationships that will hopefully enable CyberSecurity collaboration and information exchange between your companies.


For Whom?

For technical founders, CTO’s, chiefs of software development, software architects, senior developers, security officers, data protection officers, … of digital companies active in the Financial Services industry: FINTECH (also Insurtech). We welcome all companies ranging from early stage startup to mature scaleup.

The program includes for TWO people of your company to attend the sessions. We believe it is best that the same people consistently attend the whole program, in case you want to send different people for different modules please contact us. The preferred option is to enroll extra people (€ 350,- per extra person added).


Why This Program?

The speed of digital transformation forces large enterprises to increasingly make use of smaller software-based tech companies in order to keep up with the pace of their competition. Meanwhile, data breaches continue to dominate the headlines. A worrying observation is that cyber criminals are targeting large enterprises more and more by targeting their suppliers, leading to a steep increase in third-party vendor data breaches.

As a result, large enterprises are increasing the time and energy they are spending on making sure their suppliers have implemented the highest security standards through recurring cybersecurity risk assessments and by using lengthy questionnaires. After all, there is a lot at stake; if consumer data is breached, the enterprises remain responsible. Most large enterprises have a rigid approach to procurement and third-party vendor risk management, and they often try to transfer their risks to their suppliers. In reality, however, most of the often-smaller suppliers don’t have sufficient financial backing to survive in case their end customers’ data would be breached.

You’re not done with CyberSecurity just by assigning the role of “Security Officer” to someone in your team and buying a few tools. Approaches to innovation such as “design thinking” and “minimum viable product” are great, but should never be a reason to “add security much later”. Security should be embedded in the DNA of every software company from day one. The cost of implementing an adequate security program increases exponentially the longer you wait down the product development roadmap.

You will:

  • be assessed on the current state and understanding of CyberSecurity

  • learn the basics (and shortcuts) needed to run an effective Information Security Management Program

  • learn about third-party security assessments, how to fill in the lengthy questionnaires, and bottom line accelerate the procurement process by being able to anticipate to imposed requirements

  • receive the valuable “B-Hive Trusted Fintech” label



Our customers expect banking solutions that are easy and safe to use. We do this by applying high standards in the areas of quality, reliability, security, and the protection of data and privacy – both for internally developed solutions, as well as for those that are built with partners. For that reason, we welcome B-Hive’s TrustedFintech Program. It will raise awareness among FinTechs, and enable them to design solutions that integrate security and privacy requirements from the start
— Jan De Blauwe, Head of Global Security at BNP Paribas Fortis
The result of Digital transformation and Open Banking is that our risk landscape is more and more including external solutions that we don’t operate and protect ourselves. We see that with smaller startups and scaleups there is often a gap between their notion of CyberSecurity and the level of protection we require them to have. That is why we are so supportive of the B-Hive Trusted Fintech program, as it really aims to immerse the staff of those companies, from the developers to the founders, in the world of Information Protection. Organizations joining this program give us an important signal of how much they value the safeguarding of information, ultimately protecting brand and reputation.
— Jan Nys, General Manager Information Risk and Infrastructure Architecture of KBC Group
It is a misconception that fintechs and banks are opponents. Banks need fintechs for their digitisation projects and fintechs need to leverage the expertise of banks to deliver on their selling proposition. However, lack of visibility about cyber risk management capacity and strict rules, including in the area of outsourcing, are often a stumbling block to smooth cooperation between fintechs and banks. With this label, we offer a solution to this problem. A quality label will help fintechs and banks to work together more quickly. This is a unique initiative in Europe that has Febelfin’s full support.
— Karel Van Eetvelt, CEO of Febelfin



Practical Info: Price, Dates and What is included?

The cost for a company to join the program is as follows:

FULL PRICE: € 7.850,-

B-HIVE MEMBER: € 6.950,- (membership paid)

MEMBER OF A PARTNER ORGANIZATION: € 7.450,- (promo code required)

  • All prices VAT not included

  • Contact us for special requirements regarding invoice, e.g. split the amount 2018/2019.


  • Two people of your company to join the training sessions

  • Theoretical training managed by Prof. Georges Ataya and affiliated top CyberSecurity trainers. Prof. Georges Ataya is Founder and Academc Director of IT Management Education in charge of the executive Master in IT Management, Information security Management, Data Privacy ( and ( Vice President of the Belgian Cybersecurity Coalition. Acted as International Vice President for ISACA and the IT Governance Institute and as President ISACA Belux (, Founder ISSA BE ( Board member at AGORIA DIGITAL Industries, ISACA BE, BECI, and CIONET.

  • Hand-outs for every session

  • Access to the Trusted Fintech networking platform

  • The official ISACA CSX paperback handbook for every participant

  • A penetration test of your main website/application/app/API’s (by Intigriti)

  • Latest practical insights into securing API’s, applications, setting up security monitoring and alerting, how to set up the Elastic stack for forensics, and an example of a security incident (by Bitsensor)

  • A first discovery, analysis and examination on all your internet facing assets (by Sweepatic)

  • Deep dive into what assessors at large organizations look for in a security program of their suppliers. (by Digitribe)

  • A joint Cyber Incident (data breach) Simulation Game, based on Kaspersky KIPS (by NVISO)

  • A Secure Coding tournament for your developers, and one month of access to a Learning Platform to learn Secure Coding skills (by Secure Code Warrior)

  • Additional practical insights and tools regarding NIS and GDPR (by Cranium and iGuards)

  • Additional insights and best practices related to Customer Identity (by Onegini)

  • Insights of the general framework of risk management in a bank (by Febelfin Academy)

  • The “Trusted Fintech” label, provided you pass the self-assessment at the end of the program, and you have attended at least 80% of the sessions

  • As a B-Hive Trusted Fintech alumnus you will get access to the Alumni network, where information on CyberSecurity best practices and threats will be shared, as well as additional benefit

  • In the local program you get access to the co-working space in the afternoon


  • The ISACA CSX certificate or exam voucher

  • Hotel and evening activities cost for International Residential program (approximately € 1.500,- per person)

  • If you like to stay for afternoon co-working in the local program, lunch is not included


  • One extra person to join: + € 350,-

  • For people who want to obtain the CSX certificate: + extra half day of exam prep, exam voucher, certificate cost, ISACA membership. Cost: to be discussed during training, depending on number of people interested.

  • A discount for IT Security courses from Solvay Business School

  • Discounted offerings from our Content Providers, such as:

    • A Bug Bounty program

    • Assistance for attaining NIS Compliance, ISO 27K certification, …

    • Software to protect your web/API/… environment

    • Identity, self-enrollment, customer identity, authentication solution

    • A software code review

    • Data Privacy Officer (DPO) as a Service

    • Gamified approach to Secure Coding training and awareness

    • Regular monitoring of your digital footprint

    • etc.


The program will be offered in two variations: a LOCAL edition and an INTERNATIONAL edition.


The local program consists of 12 contact moments spread over 4 months.


  • Kick-off in Brussels: 29-11-2018 (full day)

  • Morning sessions on: 05-12-2018, 11-12-2018, 10-01-2019, 16-01-2019, 24-01-2019, 31-01-2019, 02-02-2019, 20-02-2019, 28-02-2019

  • Closing ceremony: 21-03-2019 (evening)

  • The training location is kindly provided and sponsored by: The Crescent, “Business center De Mot”, Motstraat, Mechelen. They provide co-working space, virtual offices and office space for startups and scale-ups.

All sessions, except for the full day kick-off, will be organized as follows:

08.00 - 08.30 : Welcome & croissants
08.30 - 12.30 : Sessions with one coffee break
12.30 - ……. : Free access to the Business Center: there is a restaurant, open office for co-working, Wi-Fi

If needed we can make reservations for additional meeting rooms for the afternoon, at extra cost, and depending availability. The CyberSecurity content providers can be available in the afternoon should you want to get 1-1 advice from them. For each session we have lined up one or more different content providers.


The international program is a residential accelerated program in a hotel: arrive on Sunday, and fly back home on Friday afternoon.


  • Kick-off via web meeting / conference call

  • Welcome & networking event on Sunday evening

  • Classes: Monday - Friday noon

  • Extra: presentation on benefits and subsidies of opening an office in Belgium, networking with local trade organizations and partners

  • Closing ceremony: combination of local and webex

  • Timing: April 2019 (To Be Confirmed soon)


Detailed program


Length: 1 x 1 full day 09.00 - 16.00

The full-day kick-off will take place at the heart of the Belgian Finance community: Febelfin Academy.


  • Importance of trust

  • Risk management in banks

  • Introductions and pitches

  • Pre-work instructions

  • Practicalities


Length: 2 x ½ day 08.30 - 12.30

Two half-days will be spent on the CyberSecurity Fundamentals (CSX) curriculum by ISACA.


  • Cybersecurity introduction

  • Concepts, frameworks

  • Attack types and vectors

  • Malware

  • Control processes

  • Security architecture

  • Infrastructure security


Length: 4 x ½ day 08.30 - 12.30

Four half-days will be spent on Secure Technology as typically used in a Fintech (SaaS/Cloud)


  • Application security, secure coding

  • Web & API security

  • Cloud security

  • Mobile security

  • Security architecture


Length: 1 x ½ day 08.30 - 12.30

One half-day will be spent on regulation, compliance, certification for companies and practitioners


  • Compliance versus risk based approaches

  • Regulations overview

  • Information security frameworks

  • Certification


Length: 1 x ½ day 08.30 - 12.30

One half-day will be spent on what to do in case of a cyber incident with or without data breach


  • Incident management handling

  • Frameworks & standards

  • Incident Response Plan

  • Data breach simulation role-play game (Kaspersky KIPS)


Length: 1 x ½ day 08.30 - 12.30

Deep dive into what assessors at large organizations look for in a security program of their suppliers.


  • Purpose of a Security & Data Privacy Third party assessment

  • How to use Certifications/standards/frameworks (ISO 27001, PCS-DSS, CoBIT, GDPR, SWIFT CSP,…)

  • Main controls to put in place

  • Understand and respond to a TPSA questionnaire

  • How to prepare evidence





Name *
What program edition are you interested in? *
Pick at least one
Plan de travail 1DFE.jpg