Carlo Harpes, PhD in Information Processing and Cryptography, has been the Founder and Managing Director of itrust consulting since 2007. He holds a Diploma in Electrical Engineering from ETH Zurich. When the company was created, Carlo had more than 14 years of experience in Information System Security, having previously held the positions of Chief Technology Officer and Head of “Security Audit and Governance Services” at a PFS. From 1996 to 2004, he was Deputy Director and Head of the Information Security Department of an ICT service provider. Carlo Harpes is an ISO 27001 auditor for SNCH and PKI technical auditor for ILNAS.
itrust consulting’s growth, facilitated by co-financed research:
- Celtic BUGYO Beyond and ITEA2 DIAMONDS
From its beginnings, itrust consulting succeeded in joining the consortium of BUGYO Beyond, a large EU R&D project. This Research and Development project was complementary to the audit missions and security consulting activities provided to institutional and private organisations. Within the Celtic projects BUGYO Beyond and ITEA2 DIAMONDS, the expert team at itrust is developing a platform and tools for risk analysis and treatment, security event management and security testing. itrust consulting differentiates itself from its competitors by developing specific security tools, systems and services.
Beyond its research on security topics, itrust consulting is actively involved in the space domain and has therefore participated in the Luxembourg program LuxLAUNCH. The projects in which itrust consulting participates are linked to services, security, standards and studies on new technologies related to space. Within this program, itrust consulting and other partners developed the concept of a security assurance provider for localisation data. This project was followed up by a 2-year ESA project named LASP, in which itrust consulting acted as coordinator. In LASP, itrust consulting developed a prototype that aims to detect attacks on GNSS signals and to provide users with an assurance level that quantifies the level of trust in a localisation.
In 2009, itrust consulting continued to expand its field of knowledge by joining the FP7 project MICIE. By developing a risk prediction tool together with the other project partners, itrust consulting gained expertise in the protection of essential service providers.
In 2010, itrust consulting started the FP7 project Liveline for the development of a secure location sharing platform for vulnerable people and their family members. Throughout this project, itrust consulting familiarised itself with security and privacy issues related to Location Based Services (LBS) and developed appropriate countermeasures.
- Penetration testing services
In 2011, itrust consulting created its pentester team. Before that, when pentesting was needed, itrust consulting worked together with partners like SRC (Security Research Consulting GmbH). With this decision, itrust consulting created its own pentesting team, which was composed of 6 persons at the end of 2016.
- iGoing, TREsPASS, CockpitCI, SPARC, TRICK light
As of 2012, itrust consulting is working on several projects, one of which is iGOing, which aims at developing a prototype for indoor navigation based on pseudolite technology. Further projects itrust consulting is working on are TREsPASS, CockpitCI and SPARC. By engaging in R&D activities and consultancy/audit missions, itrust consulting is able to continuously improve its security tools and propose new services for fighting security threats.
Certain projects allow itrust consulting to develop tools that can immediately be used by its customers: TRICK light, a risk assessment and risk treatment tool used since 2008, has been tailored to the CSSF 12/544 Direction for the benefit of itrust consulting’s customers in the financial sector. It is used by several customers with an ISO 27001-certified management system. More generally, itrust consulting has set up all the required documents for ISO 27001 compliance. Thus we can prepare customers for 27001 certification and CSSF compliance.
In 2013, itrust consulting created the first CSIRT (Computer Security Incident Response Team) in Luxembourg’s private sector, called malware.lu CERT. The staff who carry out the penetration tests provide their know-how to private companies and governmental institutions in the fields of incident response, forensic investigation, malware analysis, and reverse engineering. In May 2013, itrust consulting launched its portal malware.lu. Through this portal, researchers and security professionals can access malicious code. After a couple of months, more than 3 million malware samples, such as Stuxnet, Duqu and Red October, were available on that site.
In 2014, itrust consulting, in partnership with SnT, Lux metering and CREOS, started a national research project to develop a risk monitoring application for the future smart metering infrastructure and similar control systems.