Eddy Willems

Early Life and Education

Eddy Willems was born in Belgium in 1962. He studied computer science at the Institute for Higher Education Brussels (IHB) and at the Vrije Universiteit Brussel (VUB), beginning his professional career as a systems analyst in 1984.

Career

Willems started out as a systems analyst at a Belgian insurance company, De Vaderlandsche — today part of P&V. In 1989, while working there, he encountered an early version of ransomware known as the AIDS Trojan Horse. The malware arrived on a 5.25-inch floppy disk containing AIDS/HIV-related questionnaire software; once inserted, it locked his system and demanded a payment of $189. His efforts to analyze and circumvent the threat marked the beginning of his dedicated focus on computer security.

Following that formative experience, Willems built his expertise across several organizations. He worked as an anti-virus specialist at NOXS, an added-value distributor of security products and a Westcon Group company, and later served as Security Evangelist for Kaspersky Lab in the Benelux region. From 2010 until late 2024, he held the role of Global Security Officer and Security Evangelist at G DATA CyberDefense, where he was involved in anti-malware research, consultancy, training, and communications with press, resellers, and end users.

In 2014, Willems founded WAVCi (Willems Awareness, Vulnerability and Cybersecurity Insights), his own cybersecurity consultancy. Since late 2024, he has worked exclusively through WAVCi, continuing his research and advocacy independently.

Organizational Involvement

In 1991, Willems became a founding member of EICAR, the European Institute for Computer Anti-Virus Research. He joined Joe Wells' Virus Wildlist in 1995, reporting for Belgium, Luxembourg, and EICAR Europe. He joined the EICAR board in May 2005 as Director of Press and Information, and in 2009 took on the role of Director for Security AV Industry Relationships.

Willems served as a member and PR officer of AMTSO, the Anti-Malware Testing Standards Organization, joining its board in May 2012 and serving until July 2019. He was also a member of the AVAR (Association of Anti-Virus Asia Researchers) board from 2019 to 2024. In Belgium, he participated in the first government-initiated e-security team on the website of the telecom regulator BIPT-IBPT, and in 2015 joined the board of LSEC — Leaders in Security.

Notable Work

Willems formulated what are known as Willems' Laws — two principles describing key dynamics in cybersecurity. The First Law holds that the more popular a platform, the more it will be targeted by attackers. The Second Law expresses that cybersecurity problems (CSP) result from both technological factors (TF) and human factors (MF), summarized as CSP = TF × MF, emphasizing the role of human behavior in security vulnerabilities.

He authored the original article on computer viruses for the Microsoft Encarta Encyclopedia (US Edition, 1997–2009) and has co-authored numerous conference papers for Virus Bulletin and AVAR, including "Oops! It happened again" (Virus Bulletin, 2019) and "Fool Us! … 11 'Fools' years later" (Virus Bulletin, 2021).

His books include Cybergevaar (Dutch, Lannoo, 2013), Cybergefahr (German, Springer, 2015), and Cyberdanger (English, Springer, 2019), which trace the history of malware and offer guidance for consumers and small businesses. He has also written cybersecurity fiction, including the thriller Het Virus (Dutch, Lannoo, 2020) and its English translation The Virus (Lannoo, 2025).

Public Speaking and Media

Willems is an active keynote speaker at major international conferences including Virus Bulletin, AVAR, EICAR, InfoSecurity, CeBIT, and FIRST. On May 13, 2021, he delivered a talk at TEDxKULeuven in Leuven, Belgium, at an event themed "Entering a New Era," addressing cybersecurity in the context of rapid technological and societal change. He has been interviewed and quoted by international broadcasters including CNN, Al Jazeera, and TRT World, as well as Belgian outlets VRT and VTM, and publications such as De Standaard, De Morgen, Data News, and ZDnet.be.

Recognition

Willems has received best speaker awards at AVAR and AV-Comparatives events, and has been recognized as a contributor of the year by AMTSO, reflecting his sustained influence in the international cybersecurity community.