Jeroen van der Ham is associate professor of Cyber Security Incident Response in the Design and Analysis of Communication Systems (DACS) group at the University of Twente. Jeroen combines this with his work at the National Cyber Security Centre in The Netherlands (NCSC-NL).

At NCSC-NL he focuses on the many developments in coordinated vulnerability disclosure and ethics of the security profession.

At the University of Twente he focuses on incident response, ethics of incident response and internet security research, denial of service attacks, and anonimization in network measurements.


Incident Response is a fundamental part of cybersecurity. Now that digitalisation has permeated almost every part of society, incident response has become a vital aspect of cybersecurity.

Incident response must grow from a trade to a profession. Incident Response started in earnest with the Morris worm and the formation of CERT/CC. However, Incident Response has always been a trade that has been learned mostly from lore, rather than grounded theory.

A profession requires theoretical frameworks and academic grounding.

Some questions that I'm focusing on:

  • How do we define “cybersecurity” and what is the role of “incident response” ?
  • Part of professionalisation is the development of a code of ethics, what are the fundamental aspects?
  • How do we develop Internet security while keeping the need for incident response in mind?
  • How do we better educate future incident response professionals?


  • Incident Response
  • Network Security
  • Ethics of Cyber Security and Computer Science in general
  • Distributed Denial of Service
  • Privacy in Computer Networking


  • PhD in System and Network Engineering, 2010

    University of Amsterdam

  • MSc in System and Network Engineering, 2004

    University of Amsterdam

  • MSc in Cognitive Artificial Intelligence, 2002

    Utrecht University


Academic Positions

Besides my current position (since 2015) as security researcher at the National Cyber Security Centre, I have (held) the following academic positions (in reverse chronological order)

Programme Committees

  • Passive and Active Measurement Conference (PAM) 2020
  • FIRST Conference 2018, 2019, 2020
  • Workshop Traffic Measurement for Cybersecurity (WTMC) 2017, 2018, 2019
  • NextCloud2013
  • NextCloud2012

Other Activities

  • 2019 : Guest editor of FIRST special issue ACM DTRAP
  • 2018 - present: Associate Editor of ACM Journal: Digital Threats: Research and Practice (ACM DTRAP)
  • 2018 - present: Member of Ethics Committee at Electrical Engineering, Mathematics and Computer Science, UTwente
  • 2016 - present: Chair of Ethics Working-group at ICT-Research Platform Netherlands
  • 2014 - 2019: Member of Ethics Committee at Science Department, UvA
  • 2014 - 2017: Ethics Advisor at Systems and Network Engineering Master, UvA

Recent Publications

Ethics in cybersecurity research and practice

This paper critiques existing governance in cyber-security ethics through providing an overview of some of the ethical issues facing …

Don’t shoot the messenger! A criminological and computer science perspective on coordinated vulnerability disclosure

In the computer science field coordinated vulnerability disclosure is a well-known practice for finding flaws in IT-systems and …

A Survey of Network Traffic Anonymisation Techniques and Implementations

Many networking research activities are dependent on the availability of network captures. Even outside academic research, there is a …

Ethics and Internet Measurements

This paper examines the impact of this development for Internet measurements and analyses previous cases where Internet measurements …