Dr Carlo Harpes is an expert in information and computer security, with 32 years of experience in consulting, research, education, and standardization. He is the founder (in 2007) and managing director of itrust consulting. Prior to this, he had been Managing Director and Head of Security, Audit, and Governance of Security at Telindus PSF (3 years), and before, during 8 years, he had been CISO and head of Risk management at CETREL S.C., the electronic payment operator in Luxembourg.

Carlo Harpes holds a PhD in information techniques and cryptography, as well as an electrical engineering diploma from EPF Zurich. He was PKI expert registered at ILNAS, External 27001 lead auditor, and assistant professor associated to the University of Luxembourg. Furthermore, he is one of the founding members of CLUSIL and national representative of ISO/IEC JTC1 SC27 for almost 20 years.

In recent years, Carlo Harpes has made a major contribution to the drafting of security policies for the Luxembourg government. He was a senior advisor and prepared the ISO/IEC 27001 certification of a major international service provider, a cloud service provider, a satellite operator and a telecommunications operator. He was an internal auditor for many organizations in both the private and public sectors, helping to prepare them for 27001 certification. He is the architect of OpenTRICK a risk assessment tool and has applied this tool more than a dozen times, including in preparing for 27001 certification and conducting data protection impact assessments (DPIA). He has carried out risk analyses and technical audits on various critical infrastructures, including in the energy and telecoms sectors and on public key infrastructures. Carlo Harpes was project manager for a large number of penetration tests in Luxembourg and abroad. He also manages the malware.lu CERT and monitors cybersecurity challenges.

With itrust consulting, he participated in multiple international research projects, often as Task or Work package leader: BUGYO Beyond (Celtic), DIAMONDS (ITEA2), CockpitCI (FP7), MICIE (FP7), Liveline (FP7), iGOing (FP7), SGL Cockpit, TRESpASS (FP7), IDS4ICS (AFR grant supervision), ATENA (H2020), bIoTope (H2020), QUARTZ and Eagle-1 (on quantum key distribution over satellite), CRITISEC (on intrusion detection on critical infrastructures), TOKEN (on security and blockchain applicability), LuxQCI (ESA), Lux4QCI (HorizonEurope), CyFORT (on open source cybersecurity tools for Cloud security), most of them supporting Carlo’s contribution to standards and open source tools. In NSC01, Carlo Harpes will continue his role as co-editor and contributor, in particular to foster use of norms in Luxembourg in all sectors covered by NIS2 and to contribute to clear and short standards of value for small organizations.

Ingo Senft, born in 1966, joined itrust consulting in August 2016. As Chief Administrative Officer his area of responsibility covers internal administration, Human Resources, Sales Management, Public Relations Management and Security Consultancy. As Senior Manager with significant business experience (> 25 Years) Ingo supports the Managing Director and secures the planned growth and further development of itrust consulting. Based on his previous experience in dealing with customers from various sectors he also consults itrust consulting's customers. From 2018 to 2020 he was nominated Chief Information Security Officer (CISO).

Before, as Head of Quality and Information Security Management, he was responsible for the implementation/management of an integrated Management System at the euroscript Group (today: Amplexor) ensuring compliance with various ISO standards: e.g. Quality Management (ISO 9001/EN 9100/ISO 13485/ISO 14971), Information Security Management (ISO 27xxx/ISO 22301/ISO 31000), Corporate Social Responsibility (ISO 26000) and the approval as PFS Support issued by the CSSF.

Since 1990 he was continuously involved in the Sales process for Public Institutions and the Private Industry covering various responsibilities as: Sales Manager for newspaper systems, Product and Sales Manager for data transmission systems, Head of EU Sales and Business Project Manager. Ingo holds a Master’s degree in Electrical Engineering awarded by the University of Applied Sciences in Frankfurt, where he specialized in computer science, data protection and security. He is certified as internal Auditor for Quality Management, for Information Security Management, as Project Manager (PRINCE2) and experienced (>10 years) in the planning and implementation of Business strategies.

Anna Chezganova joined itrust consulting in March 2022, first as an intern supporting the management of security documentation, and then in April 2022 started as an IT consultant.

In 2006, Anna obtained her bachelor's degree in ‘Economic Cybernetics’ from the Kyiv National Economic University, Ukraine, and in 2007 she completed her master's degree in ‘IT Management’ at the same university. Parallel to her master's degree, Anna was already practicing her knowledge of IT management and, after graduating, began her IT career as a database administrator (supporting CRM). A year later she was promoted as Project Manager and Head of IT Department in a manufacturer of cosmetics in Ukraine.

At itrust consulting, Anna uses her 14 years of experience in IT to support our customers in maintaining their IT security documentation and the IT security implementation process.

Benjamin Hodzic completed his studies in philosophy at the University of Luxembourg with great success. In September 2021, he joined itrust consulting as a document manager to draft and adapt RGPD-compliant documents and documents for various management systems to the specific needs of customers.

Since 2022, Benjamin has been supporting several itrust consulting customers in the implementation and maintenance of their information security management systems (ISMS), where he has specialized in business continuity management. For the public entity SIGI, he has been active as CISOaaS (Chief Information Security Officer as a Service) to maintain and improve their existing ISMS, and also as Legal Archiving Officer (CAL) in their PSDC activities.

He also assists the CISO of an essential service operator in the energy sector on a part-time basis to maintain the ISMS.

In addition, Benjamin has taken on the role of Quality Manager for itrust consulting to ensure consistent quality of documentation for our customers. Benjamin also acts as internal Business Continuity Manager and is responsible for business continuity documentation, drafting policy, procedures and continuity plans.

Camar Houssein joined itrust Abstractions Lab s.à r.l. in August 2023 as ICT administrator and developer. Since 2003, Camar holds a Bachelor´s Degree in Public and Administrative Law awarded from Paris 1 Panthéon-Sorbonne. In 2021, he successfully completed a one-year Security Operations (SecOps) oriented cybersecurity training at Technobel (Ciney, Belgium) where he acquired wide-ranging skills in SIEM solutions (Splunk, IBM Qradar), log analysis, incident handling (NIST), mgt. of firewalls and IPS/IDS (Cisco ASA, Firepower), and vulnerability assessment (Nessus).

Camar worked as an IT technician and trainer in Belgium, providing computer hardware/software/network support, developed and provided thematic workshops (i.e. social engineering, and secure digital usage of banking assets). In 2022, he participated as external consultant in a multi-site migration project (Paris, Luxembourg, and Brussels) supporting CANDRIAM Investment Funds in Luxembourg in migrating IT infrastructure to new OS version, managing user devices, installing software and security certificates, and handling log reports.

At itrust, Camar started taking over ICT-related routine tasks (user setup and support, system admin, ICT policy mgt.). He also assists French customers in updating their information security documentation. Further on, he supports future IT audit, vulnerability assessment and ethical hacking.

Ensuifudine OMAR has been analyst developer at itrust consulting since 2012. He completed a six-month internship during his Master studies at itrust consulting, working on the ESA LASP project, in order to obtain his degree in ‘IHM’ Human Machine Interface, Informatics from the University Paul Verlaine Metz.

He works in software development, and develops several tools for itrust consulting, like TRICK Service, Software Checker, Vulnerability Management System (a tool developed for the TREsPASS and ATENA project), and on a pseudo anonymization project for Centre de gestion informatique de l'éducation (CGIE).

Since 2016 he is also an ICT administrator for backup and to maintain the infrastructure at itrust consulting. In 2020 he was promoted to ICT Manager, Head of Department Software Development and took over the role of Chief Information Officer (CIO).

Following her internship in June/July 2022, Ritika started her new position beginning of September 2022 as ‘RD Security Developer’ in the Research & Development department at itrust consulting.

Lynn Pinto joined itrust consulting in June 2024 to support dissemination activities in research projects, assist public relations (PR), pre-sales and our customers in security document management. Lynn graduated from Trier University of Applied Sciences in 2022 with a Bachelor of Arts (B.A.) in Communication Design 6. Immediately afterwards, she set up her own business and improved her working style (self-organization, proactivity, responsibility, quality of work, punctuality, understanding of customer needs, goal orientation).

At itrust, Lynn began to take charge of the data protection consulting business line, marketing tasks (social media, public relations, ...), then project management for customers wanting to build an information security management system and the role of author of security policies, procedures and standards.

Viviane Weber joined itrust consulting in January 2025 as administrative Assistant.
Viviane finished her art studies at LCE in 2020. She now uses her 2 years of experience in Administration to support our customers in maintaining their IT security documentation and the IT security implementation process.

Dr. Arash Atashpendar is a research scientist and software engineer specialized in (post-)quantum/classical cryptography, algorithmics and implementation of mathematical software, with 12 years of experience in academic research and theoretical computer science (TCS) and 20 years of experience in software design and development. He has worked and published in various areas including quantum/classical cryptography, information theory, discrete mathematics, mathematical optimization, mathematical software, evolutionary computation, semantic search engines and systems programming. He has designed and implemented several industrial and academic tools, including, among other things, cryptographic software, simulation toolkits for quantum key exchange or distribution (QKD), software for reference-independent visualization and human-augmented binning of metagenomic data, inference-driven semantic search engine, scalable multi-objective optimization algorithms based on cooperative coevolutionary particle swarm optimization, desktop/web/mobile applications and mathematical software dedicated to combinatorial mathematics and information-theoretic analyses.

Arash holds a PhD in computer science, specialized in quantum/classical cryptography and information theory, received from the Quantum Lab of the APSIA group, part of the SnT research center of the University of Luxembourg, where he was advised by Peter Y.A. Ryan. Arash also holds a master’s degree in CS, with a major in information security, along with a bachelor’s degree in CS, specialized in distributed systems and middleware. Arash has also done postdoctoral research in classical and quantum cryptography as well as post-quantum cryptography and quantum computing. He was the main author of the FNR Core Q-CoDe proposal on quantum cryptography and information theory and a key contributor to the project; he was also one of the main authors of the FNR Core EquiVox project proposal on post-quantum cryptography. Before joining itrust consulting, he had worked in different capacities such as a research scientist, software developer, data scientist, consultant in software security and cryptography and instructor.

In November 2022, Arash co-founded itrust Abstractions Lab, operating as “Abstractions Lab” (ALab), as a spin-off of itrust consulting, together with professionals from the academic and industrial sector. He acts as the Chief Technology and Innovation officer (CTIO) at Abstractions Lab. ALab seeks to ensure the trustworthiness and security of digital systems by advancing the state-of-the-art and applying cutting edge results from computer science and mathematics for the design, development, and analysis of novel solutions for secure software and cyber physical systems, rooted in the conviction that correct and secure systems are built on a solid mathematical foundation, with cryptography and formal methods forming its main pillars.

In close collaboration with itrust consulting, Abstractions Lab is involved in three major projects, namely CyFORT, Eagle-1 and Lux4QCI. CyFORT, short for Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience, is a national project supported by the Ministry of Economy, involving: a cloud security analytics and security monitoring solution involving an anomaly-based intrusion detection and prevention system relying on state-of-the-art machine learning, another dedicated to semantically enriched threat intelligence and automated reasoning and inference, a third one focusing on DevSecOps, Secure Development Life Cycle (SDLC) and the Common Criteria (CC) for the creation and evaluation of secure and certifiable (cryptographic) software, co-supervision of a doctoral research (PhD) programme in post-quantum cryptography, and finally, a set of tools providing governance functionalities for cloud security. Eagle-1, led by SES, is an ESA follow-up project building on the QUARTZ project, that aims to become Europe’s first Satellite-based Quantum Key Distribution system. Lux4QCI is an EU-funded project, related to the EU initiative Quantum Communication Infrastructure (QCI) initiative, that deals with quantum-safe cryptography combining quantum cryptography and primitives from post-quantum cryptography.

From 2020 to 2022, Arash led the RDI department at itrust consulting, an SME and recognized research institution in Luxembourg. He managed the Quantum Cryptography and Telecommunication Systems (QUARTZ) project and the LuxQCI project, both coordinated by SES for the European Space Agency (ESA). He was also in charge of the design and implementation of two cryptographic tools within the framework of the CELTIC CRITISEC and the QUARTZ projects, along with other R&D activities, related to verification and validation, security software development life cycle, advanced software requirements engineering, intrusion detection and prevention systems, unsupervised clustering algorithms and self-correcting systems in the context of the Internet of Things (IoT). While at itrust, Arash conceived and designed the CyFORT project and led the drafting of the CyFORT proposal, and that of itrust’s part in the Eagle-1 as well as the Lux4QCI projects.

Heinrich Fries has been employed as Security Researcher at itrust consulting since mid-May 2021. Before joining itrust consulting, he completed his masters studies in Physics at the University of Freiburg, specializing in quantum computation. He also holds a bachelor's degree in Physics, obtained in 2018 from the same university.

During his master studies, Heinrich accepted a scientific research assistant job working for the Fraunhofer institute (IAF) where he carried out research in the field of quantum computing, focusing on the optimization of quantum algorithms. As a member of the Research, Development and Innovation (RDI) department, Heinrich is involved in projects related to quantum computing and cryptography.

He assists the head of the RDI department by conducting research on post-quantum or quantum-safe algorithms and cryptographic systems (i.e., secure against quantum algorithms), as well as disseminating results through scientific publications and talks at conferences. He also contributes to software implementation activities using different programming languages such as Python and C++.

Heinrich is currently contributing to itrust consulting's activities in the field of cyber-physical systems security: automating threat modelling and risk assessment using mechanised provers in the context of post-quantum cryptography. He also carries out various IT administration and development tasks, e.g. on OpenARIANA.

In addition, Heinrich has recently familiarized himself with the information security requirements of the ISO 27xxx family and has been approved as an internal ISMS auditor in early 2025, and then performed several internal audits.

Dr. Ricardo Santos joined itrust consulting in March 2022, as a member of the RDI department, to fulfill the role of a Security Researcher and Developer. After graduating with a BSc in Computer Engineering, Ricardo explored the interdisciplinary character of computer science and how it can contribute to other areas of expertise. During his academic career, he undertook an MBA for IT Businesses and later did both his master studies and doctoral studies in Numerical Methods for Engineering, focusing primarily on computer graphics and virtual reality.

Besides his academic background, Ricardo has experience in the design of computer networks and building automation solutions, having been responsible for the design of networks for hospitals, museums, schools and shopping centers. Thanks to his background in computer graphics, he also did some work on the simulation and visualization of public spaces such as roads, parks and squares.

As a researcher, he has helped to found research groups revolving around education and wellbeing and focused on including technological assets in museums and professional training environments.

At itrust, Ricardo works in the RDI (Research, Development and Innovation) department, mainly supporting the head of RDI in key projects related to software engineering and secure systems design, applying his expertise in software engineering and development in Python.

He also assists the head of the RDI department by conducting research on secure design and development practices, as well as disseminating results through scientific publications and talks at conferences. He also contributes to software implementation activities as well as carrying out various ICT administration and development tasks.