Jorge Mora-Flores: “I propose the 5 C’s for cybersecurity success – Creativity, Communication, Confidence, Collaboration and Commitment. “

Mini-interviews with EU CyberNet experts. Jorge Mora-Flores has been part of the expert pool for over two years and has contributed to the work of EU CyberNet

EU CyberNet is a EU-funded cyber capacity building project aimed at establishing a pan-European expert network to help solve cybersecurity challenges around the world. And cybersecurity experts are the core of EU CyberNet and instrumental to the objective of building and promoting the model of an open, free, secure and stable cyberspace. This growing EU Cyber Experts Pool consists of almost 400 experts so far, on topics such as cybersecurity, cybercrime, cyber diplomacy, cyber defense, AI, etc. that connects to a wider pan-European Stakeholder Community to assess partner countries’ needs, organise trainings and offer our experts’ cyber expertise to support various initiatives around the world.  

What is less brought to the foreground in the work we do is the human factor and the work of individuals driving the progress forward across the globe. 

In this mini-interviews series we will meet our Cyber Experts as industry leaders and discover the essential contributions they make in shaping the cyber world and ensuring its seamless operation!  

In the May interview we’ll meet Jorge Mora-Flores, with over 23 years of experience in Information and Communication Technologies, Digital Transformation, Cybersecurity and Innovation and an Expert with the EU CyberNet. 

Please introduce yourself and the work that you do. What are the reasons for your interest in the cyber world?


My name is Jorge Mora-Flores, and I’m from Costa Rica. I joined EU CyberNet Expert Pool in August 2022. I have over 23 years of experience in Information and Communication Technologies, Digital Transformation, Cybersecurity, and Innovation. Regarding my field of study, I have a master’s degree in innovation for business development and a degree in computer engineering. In addition, I’m currently a candidate for a bachelor’s degree in computer science and project management and a master’s degree in cybersecurity.

One of my most recent and exciting experiences was as a former Director of Digital Governance of the Ministry of Science, Innovation, Technology and Telecommunications (MICITT) in Costa Rica, where I was able to work building a cybersecurity network in the public sector, collaborate with the first steps in the National CSIRT, propose and lead the cybersecurity line of work in the E-Government Network for Latin America and the Caribbean (Red Gealc). I had the opportunity to be the first president of the digital regional strategy in the ERDI ad-hoc group in the Central American Integration System and the Dominican Republic (SICA) and be the first president of the Costa Rica Cybersecurity Cluster (CyberSec Cluster) and finally, led and coordinated the attention to the national cybersecurity attack in Costa Rica, which suffered in April 2022.

Currently, I’m an international consultant and lecturer in digital transformation, cybersecurity and innovation. I collaborate as a LATAM Sales Account Manager with the American cybersecurity company DeepSeas, where my first goal is to bring peace of mind to Latin American organisations against cyber risk with a programmatic approach to cybersecurity, highly personalised services and elite detection and response capabilities. I’m the co-author of the book Digital Public Transformation in Latin America, with the chapter “A comprehensive vision of Cybersecurity to support digital transformation.”

My interest in the cyber world comes from my belief that digital technologies are the means to create new opportunities for everyone everywhere and give us the tools to close the social, knowledge and development gaps. With the internet and digital technologies, everybody can study, learn and enhance themselves to be the best human being and professional. This is crucial for the world development and we must protect it. That is why cybersecurity is crucial to protect this world’s development.

Digital technologies are the means to create new opportunities for everyone everywhere and give us the tools to close the social, knowledge and development gaps.


Soy Jorge Mora-Flores de Costa Rica. Me incorporé a EU CyberNet Expert Pool en agosto de 2022.  Tengo más de 23 años de experiencia en Tecnologías de la Información y Comunicación, Transformación Digital, Ciberseguridad e Innovación. En cuanto a mi desarrollo académico, cuento con una maestría en innovación para el desarrollo empresarial y una ingeniería en computación. Además, actualmente soy candidato a licenciado en informática y gestión de proyectos y a un máster en ciberseguridad.

Una de mis experiencias más recientes y emocionantes fue como ex Director de Gobernanza Digital del Ministerio de Ciencia, Innovación, Tecnología y Telecomunicaciones (MICITT) en Costa Rica, donde pude trabajar construyendo una red de ciberseguridad en el sector público, colaborar con los primeros pasos en el CSIRT Nacional, proponer y liderar la línea de trabajo de ciberseguridad en la Red de Gobierno Electrónico para América Latina y el Caribe (Red Gealc). Tuve la oportunidad de ser el primer presidente de la estrategia regional digital en el grupo ad-hoc ERDI en el Sistema de Integración Centroamericana y República Dominicana (SICA), ser el primer presidente del Cluster de Ciberseguridad de Costa Rica (CyberSec Cluster) y finalmente, lideré y coordiné la atención al ataque nacional de ciberseguridad en Costa Rica, que sufrió en abril de 2022.

Actualmente, soy consultor internacional y conferencista en transformación digital, ciberseguridad e innovación. Colaboro como LATAM Sales Account Manager de la empresa americana de ciberseguridad DeepSeas, donde mi principal objetivo es llevar tranquilidad a las organizaciones latinoamericanas frente al ciberriesgo con un enfoque programático de ciberseguridad, servicios altamente personalizados y capacidades de detección y respuesta de élite. Además, soy coautor del libro Transformación Pública Digital en América Latina, con el capítulo “Una visión integral de la Ciberseguridad para apoyar la transformación digital.”

Mi interés en el mundo cibernético viene de mi creencia de que las tecnologías digitales son la oportunidad de crear nuevas oportunidades para todos(as) en todas partes y nos dan las herramientas para cerrar las brechas sociales, de conocimiento y de desarrollo. Con el Internet y las tecnologías digitales, todo el mundo puede estudiar, aprender y mejorar para ser la mejor persona y profesional. Esto es crucial para el desarrollo mundial, y debemos protegerlo. La ciberseguridad es crucial para proteger el desarrollo del mundo.

Las tecnologías digitales son la oportunidad de crear nuevas oportunidades para todos(as) en todas partes y nos dan las herramientas para cerrar las brechas sociales, de conocimiento y de desarrollo.

What do you think are the current challenges in the field of cyber that you see in your daily work?


In my daily work, I have detected several challenges in the field of cybersecurity that are framed in the public sector, the private sector, academia and civil society. The main one involving each sector, I could say, is the lack of awareness and knowledge about the importance of cybersecurity and the risks we are really exposed to.

Secondly, I have detected a lack of transparency and high distrust among the organisations affected by cyber incidents. These organisations do not share information, so there is no knowledge and no help to prepare the ecosystem for similar cyber incidents.

Third, public policies and the education sector have focused on the development of professional programmes in cybersecurity, which is positive, but they have neglected education for the digital citizens of the future, our children in early educational stages.

Fourth, an element of the productive sector of information technologies has generated a broad development oriented to the user experience, leaving aside cybersecurity. At the same time, there are no regulations in the Latin American countries that really guarantee control and security for the development of technologies or software.

Fifth, at the public policy level, there is a lack of comprehensive development and governance in cybersecurity, considering the existing ecosystem in each country and the orchestration and communication between different stakeholders. There is an approach of trying to create “all-in-one” agencies that try to solve all the issues for all sectors, and that is unlikely; inter-institutional and intersectoral work is required to achieve this.


En mi trabajo diario, he detectado varios retos en el campo de la ciberseguridad que se enmarcan en el sector público, el sector privado, el mundo académico y la sociedad civil. El principal desafío que afecta a cada sector, podría decir que es la falta de concienciación y conocimiento sobre la importancia de la ciberseguridad y los riesgos a los que realmente estamos expuestos.

En segundo lugar, he detectado una falta de transparencia y una gran desconfianza entre las organizaciones afectadas por incidentes cibernéticos. Estas organizaciones u empresas no comparten información, por lo que no hay conocimiento ni ayuda para preparar el ecosistema ante incidentes cibernéticos similares.

En tercer lugar, las políticas públicas y el sector educativo se han centrado en el desarrollo de programas profesionales en ciberseguridad, lo cual es positivo, pero han descuidado la educación de los ciudadanos digitales del futuro, nuestros hijos en etapas educativas tempranas.

En cuarto lugar, un elemento del sector productivo de las tecnologías de la información ha generado un amplio desarrollo orientado a la experiencia de usuario dejando de lado la ciberseguridad. Al mismo tiempo no existe en los países latinoamericanos una regulación que realmente garantice el control y seguridad para el desarrollo de tecnologías o software.

Quinto, a nivel de políticas públicas, se carece de un desarrollo y gobernanza integral en ciberseguridad, considerando el ecosistema existente en cada país y la orquestación y comunicación entre los diferentes actores. Existe un enfoque de tratar de crear agencias “todo en uno” que traten de resolver todos los temas para todos los sectores, y eso es poco probable; se requiere de un trabajo interinstitucional e intersectorial para lograrlo.

Based on your experience, what practical measures do you recommend enhancing cybersecurity?


Some practical recommendations to start improving cybersecurity in the organisations, companies or governments in which we find ourselves are:

  • Identify our cybersecurity ecosystem. Define the people, work areas, institutions, assets, devices, controls and possible internal or external support networks we have, and we could coordinate some action.
  • Awareness and training. These programmes prepare people, co-workers, leaders and users about the importance of cybersecurity and cyber risks. We are all part of the ecosystem and are responsible for protecting it. Define a cyber hygiene programme.
  • Network of trust. Build an interdisciplinary and interagency (in governments among friendly countries) network of trust that supports you and that you can support. Promote public-private partnerships and exchange information.
  • Develop a cybersecurity strategy. Develop an organisational, corporate or national strategy with clear objectives, well-identified stakeholders and well-defined coordination processes.
  • Risk management. Identify your organisation’s main assets, the crown jewels of your organisation, company or country and perform constant monitoring and risk assessments.
  • Finally, I propose the 5 C’s for cybersecurity success: Creativity, Communication, Confidence, Collaboration and Commitment.

What I believe makes the difference in my work are human relationships, creating spaces of trust, promoting honest conversations about our experiences and helping others to improve their cybersecurity programmes.


Algunas recomendaciones prácticas para empezar a mejorar la ciberseguridad en las organizaciones, empresas o gobiernos en los que nos encontremos son:

  • Identificar cuál es nuestro ecosistema de ciberseguridad. Definir las personas, áreas de trabajo, instituciones, activos, dispositivos, controles y posibles redes de apoyo internas o externas con las que contamos, y podríamos coordinar alguna acción.
  • Concienciación y formación. Estos programas preparan a las personas, compañeros de trabajo, líderes y usuarios finales sobre la importancia de la ciberseguridad y los ciberriesgos. Todos formamos parte del ecosistema y somos responsables de protegerlo. Defina su programa de ciberhigiene.
  • Red de confianza. Construya una red de confianza interdisciplinaria e interinstitucional (si está en el gobierno entre países amigos) que le apoye y a la que usted pueda apoyar. Fomente las asociaciones público-privadas e intercambie información.
  • Desarrolle una estrategia de ciberseguridad. Desarrolle una estrategia organizativa, corporativa o nacional con objetivos claros, partes interesadas bien identificadas y procesos de coordinación bien definidos.
  • Gestión de riesgos. Identifique los principales activos de su organización, las “joyas de la corona” de su organización, empresa o país, y realice un seguimiento constante y evaluaciones de riesgos.
  • Por último, propongo las 5 C para el éxito de la ciberseguridad: Creatividad, Comunicación, Confianza, Colaboración y Compromiso.

Creo que hace la diferencia en mi trabajo son las relaciones humanas, crear espacios de confianza, promover conversaciones honestas sobre nuestras experiencias y ayudar a otros a mejorar sus programas de ciberseguridad.

Can you give us an example from your work that you believe makes a difference in advancing cybersecurity?


I want to give two examples from two different perspectives:

  1. From the private sector, collaborating with a leading global cybersecurity company, DeepSeas, is to understand that cybersecurity is an agnostic and non-technological issue, it is to help create cybersecurity programmes that prepare, protect and provide peace of mind by leveraging existing technology and current capabilities that a company or organisation has, with continuous accompaniment.
  2. As a international consultant sharing the experience gained in different cybersecurity incidents in the public sector and in a national cyber attack (Costa Rica, April 2022), promote the creation of networks of trust between sectors and countries, share experiences, good decisions and mistakes made to strengthen cybersecurity in other countries and organisations.

In summary, what I believe makes the difference in my work are human relationships, creating spaces of trust, promoting honest conversations about our experiences and helping others to improve their cybersecurity programmes.


Me gustaría brindar dos ejemplos desde dos perspectivas diferentes:

  1. Desde el sector privado, colaborar con una empresa líder mundial en ciberseguridad, DeepSeas, es entender que la ciberseguridad es una cuestión agnóstica y no tecnológica, es ayudar a crear programas de ciberseguridad que preparen, protejan y den tranquilidad aprovechando la tecnología existente y las capacidades actuales que tiene una empresa u organización, con un acompañamiento continuo.
  2. Como consultor internacional compartir las experiencias adquiridas en diferentes incidentes de ciberseguridad en el sector público y en un ciberataque nacional (Costa Rica, abril 2022), promover la creación de redes de confianza entre sectores y países, compartir esas experiencias, buenas decisiones y errores cometidos para fortalecer la ciberseguridad en otros países, empresas y organizaciones.

En resumen, creo que hace la diferencia en mi trabajo son las relaciones humanas, crear espacios de confianza, promover conversaciones honestas sobre nuestras experiencias y ayudar a otros a mejorar sus programas de ciberseguridad.

How do you think is EU CyberNet playing a role in building this community of experts and advancing cyber capacity building efforts around the world?


The work done by EU CyberNet, including the creation of a global community of experts, is of great importance for strengthening cybersecurity capabilities in countries, organisations and companies.

EU CyberNet’s community of experts provides a space to share experiences and knowledge and improve the capabilities of the members, and in this way, each one can replicate those experiences to improve cybersecurity in the company, organisation or country in which he/she is located.

Another very important element is the opportunity to share real experiences among the different countries so that the experts can grow with the knowledge and experience of other colleagues.

With this community, EU CyberNet offers a global point of contact with leading experts in different areas of cybersecurity in a multicultural, interdisciplinary platform, with support in different languages and under the best practices and lessons learned worldwide.


El trabajo realizado por EU CyberNet, incluyendo la creación de una comunidad global de expertos, es de gran importancia para fortalecer las capacidades de ciberseguridad en los países,  las organizaciones y las empresas.

La comunidad de expertos de EU CyberNet proporciona un espacio para compartir experiencias, conocimientos, mejorar las capacidades de los miembros, y de esta forma, cada uno puede replicar esas experiencias para mejorar la ciberseguridad en la empresa, organización o país en el que se encuentre.

Otro elemento muy importante es la oportunidad de compartir experiencias reales entre los diferentes países para que los expertos puedan crecer con el conocimiento y la experiencia de otros colegas.

Con esta comunidad, EU CyberNet ofrece un punto de contacto global con expertos líderes en diferentes áreas de la ciberseguridad en una plataforma multicultural e interdisciplinaria, con soporte en diferentes idiomas y bajo las mejores prácticas y lecciones aprendidas en todo el mundo.

Keep reading similar articles
Annual Cyber Project Community Meeting Concluded in Brussels

On 15th May, EU CyberNet hosted the annual Cyber Project Community (CPC) meeting in cooperation with the European Commission’s Service for Foreign Policy Instruments and the European External Action Service (EEAS) to provide for a fora to the EU funded external cyber capacity building projects’ implementers to share information, facilitate cooperation and learn from each other’s best practices.   

Matteo Lucchetti: “The human factor is in more than 80% of the cases the initial channel through which the attack breaks into the target”

Mini-interviews with EU CyberNet experts. Matteo Lucchetti has been part of the Expert Pool for 3 years and has contributed to the work of EU CyberNet.

Saira Isaac Hernández: “Achieving a space of authority within the circle [of men] has been a journey of a lot of work and extra miles.”

Mini-interviews with EU CyberNet experts. Saira Isaac Hernández has been part of the expert pool for over a year and has contributed to the work of EU CyberNet

5 partners have officially joined LAC4

Throughout 2023, LAC4 has become increasingly notable for its proactive initiatives, leading to the official inclusion of five partners in its activities by the year’s end.

EU CyberNet in numbers

By the end of 2023 EU CyberNet has 359 members in the Expert Pool and 70 members in the Stakeholder Community.

By EU CyberNet team
EU CyberNet Missions 2023

In 2023, EU CyberNet took action around the world and delivered an incredible amount of missions throughout the year.