Jurjen Harskamp on cybersecurity

A digital fire brigade with a strategic vision

HeadFirst Group works with and for hundreds of clients, and thousands of suppliers and professionals every day. Since much of this work involves processing personal data, it requires secure digital environments, a reliable infrastructure, and a strong defence mechanism against cyberthreats. That is why HeadFirst Group works closely with cybersecurity specialist Hunt & Hackett. In this strategic partnership, the focus is on proactive thinking around security by design, incident readiness, and risk management. CEO and co-founder Jurjen Harskamp shares insights about their role, their view on today’s digital threats, and how they support HeadFirst Group in maintaining its digital resilience every day. 

From tech enthusiasts to strategic sparring partner 

Harskamp, at the time a strategy consultant for organisations including the Ministry of Defence, became involved in cybersecurity through a major cyber programme for the Ministry of Defence and by helping shape the first national cybersecurity strategy. This led him to Fox-IT, where he transformed the company from a group of tech enthusiasts into a mature cybersecurity organisation. Fox-IT was sold in 2015, but Harskamp’s desire to be “in the driver’s seat” remained. During the covid-19 pandemic, he co-founded Hunt & Hackett with Ronald Prins. The company has since grown into a team of nearly sixty specialists. “We often refer to ourselves as the digital fire brigade,” says Harskamp. “We help organisations when things really go wrong, but ideally, we make sure it never gets that far.” 

From incident response to integrated partnership 

The collaboration with HeadFirst Group began with security testing and monitoring of specific applications, such as the Striive platform (formerly known as Select). “Initially, the focus was on technical checks and incident response. But a need for a more structural partnership soon emerged,” says Harskamp. Today, Hunt & Hackett plays an integral role in HeadFirst Group’s digital resilience. “We don’t just monitor what’s happening—we actively contribute ideas on how to make the organisation’s IT landscape structurally more secure. This ranges from infrastructure to strategic decisions, such as cloud migration, NIS2 compliance, or data-critical processes.” 

A key element of this collaboration is shared ownership: HeadFirst Group handles prevention, while Hunt & Hackett manages detection and response. “We know exactly how the environments are set up. That allows us to act immediately when anomalies occur. And in case of a serious incident, we have a joint escalation matrix ready.” 

Attackers think in routes—so do we 

What sets Hunt & Hackett apart is their “attacker’s perspective” on security. Harskamp explains: “We monitor over 800 attack groups worldwide. From that, we identify which groups are relevant for HeadFirst Group—for example, those active in their industry or using techniques that align with HeadFirst Group’s applications.” Based on this analysis, Hunt & Hackett builds a profile of the primary attack methods the organisation must defend itself against to prevent serious incidents. “That way, we know exactly what we need to protect against—and, more importantly, where in the digital chain potential vulnerabilities lie.” 

For HeadFirst Group, this means security efforts are not random or generic, but focused and effective. “We look specifically at users with elevated privileges—such as system administrators—and build additional defence layers there, like MFA, specific honeytokens, or Microsoft-specific policies.” 

Smart filtering, rapid response 

A major part of the collaboration revolves around 24/7 monitoring. “We receive hundreds of alerts daily. These are filtered through smart algorithms into 20 to 50 security notifications, which are then reviewed through a triage process. Of those, an average of 10 to 30 are thoroughly investigated by an analyst.” And if we find something serious? “Then our playbook kicks in. We’ve agreed with HeadFirst Group on who takes action and when—and in specific cases, we’re authorised to intervene directly to prevent further escalation.” 

 Jurjen also highlights the joint incident readiness simulations as an example of a mature partnership. “These are almost like role-playing scenarios—played out as if they were real. You learn so much about your chain, processes, and dependencies. It has greatly contributed to HeadFirst Group’s resilience.” 

Security by design, innovation by partnership 

What makes Hunt & Hackett unique in its collaboration with HeadFirst Group is that it goes far beyond technology. “We want to be at the table early on for strategic decisions—such as the design of new digital solutions or client portals. The earlier you integrate security into the design, the more effective and user-friendly it becomes.” This exchange works both ways. “At HeadFirst Group, there’s genuine room for dialogue. We can truly contribute ideas—but also challenge when needed. That leads to better decisions.” 

Healthy paranoia keeps you sharp 

Harskamp concludes with an important lesson: “We have all the tools today to be well-secured. But it takes discipline, vigilance, and collaboration. As an organisation, you need to be just a little bit healthily paranoid. That’s how you stay one step ahead of the attackers.” Thanks to the close partnership with Hunt & Hackett, HeadFirst Group is not only digitally resilient but also steadily building a secure, innovative, and trustworthy organisation for clients, suppliers, and professionals alike.