Angelos Varthalitis

Founder & vCISO · Two-time Mile2 Master · Mile2 Certified Instructor · NIS2 & AI Governance Advisor

Senior cybersecurity executive with 25+ years of experience leading enterprise information security across SaaS, energy, and transportation sectors in Europe. Founder of AVSecAdvisory and AVSec Academy — the official Mile2 Authorized Training Center for Greece. Holder of two Mile2 Master credentials (CM)CSSA, CM)DRE) and Mile2 Certified Instructor for three courses.

Διαβάστε στα Ελληνικά →

Who I am

I’m a CISO-track security executive currently leading the security program at a European childcare SaaS provider, while running AVSecAdvisory in parallel. I’ve built security programs from the ground up at companies with €7.4B in turnover, led SOC operations across 8 countries, and reported cyber risk to boards across sectors from childcare SaaS to critical energy infrastructure.

AVSec Academy was born from a clear gap in the Greek market: internationally recognised cybersecurity certification, taught with content that fits the European regulatory landscape (NIS2, EU AI Act, ISO/IEC 42001) — not US-market benchmarks.

Our mission

To bring Greek cybersecurity professionals globally recognised certifications — taught by an instructor who applies them daily as an active CISO. Not theory; applied know-how.

Current roles

Founder & vCISO

AVSecAdvisory · AVSec Academy

Pikermi, Attica · 2024 – Present

Independent cybersecurity consultancy and Mile2 Authorized Training Center for Greece. vCISO services, NIS2 compliance, ISO 27001 / 42001 implementation. Delivers 30+ Mile2 certifications to the Greek market.

Chief Information Security Officer

Ovivio NL B.V. (KidsKonnect)

Netherlands · Dec 2024 – Present

European childcare SaaS provider — protecting data of 1M+ children across NL/BE/UK/DE under ISO 27001:2022, ISAE 3402 and NIS2. Established SOC operations (MxDR, SIEM, SOAR) and secure SDLC controls.

DBA Researcher

Shadow AI Risk Governance Framework (SARGF)

2024 – Present

Author of the SARGF — a board-ready methodology for identifying, classifying and governing unsanctioned AI usage in enterprise environments. Research outputs feed directly into client advisory engagements and public thought-leadership.

Career track record

Advario B.V. — CISO

Rotterdam, Netherlands · 2022 – 2024

Global energy-storage company across 8 countries. Led global security transformation across IT & OT/IoT environments, achieved NIS2 readiness ahead of regulatory deadlines, and launched an enterprise SOC delivering an 85% reduction in Mean Time to Respond and 40% cost optimisation.

Corsearch — VP of Information Security

Amsterdam, Netherlands · 2022

Global SaaS platform for brand & trademark protection (1,500 employees). Extended ISO 27001 scope, prepared the company for SOC 2 attestation, and built a global infosec team.

Transdev Nederland (Connexxion) — CISO & Head of IT

Hilversum, Netherlands · 2018 – 2022

International public-transportation operator — €7.4B turnover, 85,000 employees across 19 countries. Managed €11M IT budget and a 42-engineer team, achieving #1 ranking in IT security performance across all 19 Transdev countries. Permanent member of the group global CISO committee.

Earlier roles

1998 – 2018

eVision Industry Software / Enablon (The Hague), XebiaLabs / Digital.ai (Hilversum), Backbase, BDO Hellas (IT & Security Manager 2007–2014), Cyprus Tourism Organization (Project Manager), City University of Seattle (Junior Lecturer), Boussias Communications.

Mile2 certifications

CM)CSSA
Master Cybersecurity Systems Auditor

CM)DRE
Master Disaster Recovery Engineer

C)AICSO
AI Security Officer

C)SP
Security Principles

C)DRE
Disaster Recovery Engineer

C)CSSM
Cybersecurity Systems Manager

C)ISMS-LA/LI
ISMS Lead Auditor & Lead Implementer

C)CSSA
Cybersecurity Systems Auditor

C)ISSO-A
Information Systems Security Officer (ANAB-accredited)

Mile2 Certified Instructor Status

Officially Mile2-certified Instructor for three courses:

C)AICSO — Certified AI Security Officer · ID 5318-177-748-5443 · 04/29/2026 – 04/28/2029
C)SP — Security Principles · ID 5318-177-757-1424 · 04/30/2026 – 04/29/2029
C)DRE — Disaster Recovery Engineer · ID 5318-177-757-1322 · 04/30/2026 – 04/29/2029

Additional credentials

NIST CSF v2.0 Specialist (AMPCUS Cyber, 2025) · AI Security & Governance (Securiti, 2024) · PCIP (PCI-SSC, 2021) · Cyber Incident Planning & Response — CIPR (CM Alliance, 2019) · People Management (University of London, 2019) · ITIL Foundation · Certified Scrum Master.

Why this matters for our students

AVSec Academy courses are taught by an officially Mile2-certified instructor who also holds two Mile2 Master credentials (CM)CSSA & CM)DRE) and is simultaneously an active CISO at a European SaaS company. I don’t teach theory from a book — I bring the calls I made last Tuesday in a board meeting, in a regulator escalation, or in a SOC tuning session.

Publications & speaking

Author — NIS2 Compliance Handbook (e-book for the EU mid-market)
Author — Formal policy proposal to the Hellenic Cybersecurity Authority (EAK) recommending CyFun framework adoption within Greece’s NIS2 implementation
Panelist — 13th Information Security Conference, Boussias (Athens 2026)
Moderator — Cloud Strategies Conference 2026, OTE Academy (Athens)
Regular contributor — varthalitis.eu / Substack: AI governance, Shadow AI, CISO–boardroom communication, NIS2 implementation

Education

Doctor of Business Administration (DBA) — In Progress. Research focus: Shadow AI Governance & SARGF.
MBA — Management Information Systems, City University of Seattle (2005)
BSc — Computer Systems, Networks & Telecommunications, City University of Seattle (2003)

Languages: Greek (native) · English (fluent) · Dutch (A2–B1)

Contact

Email
angelos@avsecadvisory.eu

Phone
+30 697 763 9689

LinkedIn
linkedin.com/in/angelosvarthalitis

Personal site
varthalitis.eu

AVSec Academy · Pikermi, Attica, Greece · academy@avsecadvisory.eu · +30 210 444 5684