CIPHER is a project funded by the European Commission under the Digital Europe Programme, focused on strengthening cybersecurity resilience across critical sectors through the development of advanced experimentation and validation capabilities. The project builds a collaborative platform that enables organisations to assess, test, and improve their cybersecurity posture in realistic environments, facilitating the validation of security solutions, compliance with European frameworks, and the adoption of proactive, risk-driven approaches to cybersecurity.
Personal contribution
Within CIPHER, I lead Work Package 2 and Task T2.1, where I am responsible for the design and implementation of the platform’s cyber-risk and threat intelligence layer. My work focuses on building the core intelligence engine that enables the platform to transform raw security data into actionable risk insights.
In Task T2.1, I lead the integration and operationalisation of cyber threat intelligence within the platform. This includes the ingestion, normalisation, and correlation of threat intelligence from multiple sources, both public and private, and its alignment with vulnerabilities, assets, and attack patterns. As part of this effort, I am responsible for the integration of MISP (Malware Information Sharing Platform) into CIPHER, enabling structured threat intelligence sharing, enrichment, and correlation across the platform. This allows the system to maintain an up-to-date and contextualised view of the threat landscape, directly feeding the risk assessment processes.
At the Work Package level, I define the architecture and methodologies for dynamic risk modelling, combining threat intelligence, vulnerability data, and behavioural signals. A key contribution is the integration of PreventUEBA, a solution I developed at i2CAT, into the CIPHER platform. Through this integration, the platform incorporates user and entity behaviour analytics to identify early-stage risk exposure and predict potential attack vectors, moving beyond traditional reactive detection approaches.
My responsibilities also include designing the data pipelines and correlation mechanisms that connect threat intelligence, behavioural analytics, and risk scoring models, ensuring that insights are consistent, scalable, and reusable across different use cases. In addition, I coordinate technical activities across partners within WP2, aligning data models, interfaces, and integration strategies to ensure interoperability and seamless interaction with other components of the platform, such as the cyber range and automated penetration testing modules.
Overall, my work establishes the foundation that enables CIPHER to shift from static security assessment to dynamic, intelligence-driven risk anticipation, providing organisations with the capability to understand, prioritise, and mitigate threats before they materialise.