It started early for Mischa. At just thirteen, he found a vulnerability at ABN AMRO at a time when responsible disclosure did not exist. Instead of being dismissed, he was invited into the bank’s Security Operations Center where he completed an internship. That moment shaped everything that followed. He co-founded his first cybersecurity company at seventeen and later started Anovum at the HSD Campus in The Hague. Today, Mischa leads Anovum with a clear conviction. Organisations solve security problems by improving processes and governance, not by assigning blame.
Early experience that shaped a founder
Mischa’s introduction to cybersecurity feels almost like a coming-of-age story. “I was thirteen, reporting a vulnerability to a major bank. There were no guidelines at all back then. But instead of getting into trouble, I was invited in.” That experience taught him something fundamental. Systems fail more often than people do. That insight later became one of the cornerstones of Anovum.
Governance as the real backbone of security
Mischa sees the same pattern everywhere. Companies invest heavily in tools but barely in governance. Dashboards, monitoring systems and detection platforms are purchased quickly, yet no one decides who is responsible for action when something goes wrong. “Security without governance is decoration. It looks polished, but it collapses the moment you rely on it.” He points out that many CISOs are expected to carry responsibility without having the mandate that legally belongs to the board. “They are accountable for outcomes they cannot control. That is not a security problem. That is a structural problem.” Anovum focuses on structure instead of blame. Incidents rarely originate from one person. They usually arise from unclear processes and missing responsibilities.
Complete investigations and legal authority
Anovum specialises in forensic investigations, incident response, pentesting and security governance. The company holds a licence from the Dutch Ministry of Justice which allows investigations involving individuals. Most cybersecurity firms are not permitted to do this.“We are allowed to investigate people. This means organisations get complete and legally valid investigations. That matters when the stakes are high.” Their philosophy is simple. No blame culture, no secrecy and no shortcuts. Only structure, clarity and full documentation.
Raising industry standards with open methodologies
Mischa co-created MIAUW, the Methodology for Information security Assessments with Audit Worth. It is an open-source framework that standardises penetration testing. Parliament adopted a motion supporting it in December 2024 and the methodology is now being adopted by banks, cybersecurity companies and training programmes.
“By standardising how tests are executed, you are already doing better than most of the industry.”
The methodology reflects Anovum’s belief that the cybersecurity sector must become more transparent. “Security is based on trust. Trust requires openness.”
Embedded in The Hague’s security ecosystem
Mischa’s connection to the cybersecurity community in The Hague goes back more than a decade. His first visit to the ONE Conference in 2013 made a lasting impact. Choosing HSD Campus as Anovum’s home base was a logical step. “When you grab a coffee here, you always end up talking to someone who can help you or someone you can help. Collaboration becomes the norm.”
The proximity to ministries, government bodies and fellow security companies creates a natural environment for knowledge sharing.
Growth driven by quality, not scale
Looking ahead, Anovum wants to grow in a sustainable way. Not by expanding as fast as possible, but by strengthening its foundations in governance, methodology and transparency. Together with his business partner, Mischa is developing AdversIQ. It is a supply chain resilience platform that maps where services are hosted, how dependencies interact and what that means for digital sovereignty. This topic is becoming increasingly important for European organisations.
“I want to grow bigger, but only if we can do it responsibly. No shortcuts.”
He invites the HSD community to connect, collaborate and contribute to a more mature cybersecurity landscape.
