Eddy Willems

Eddy Willems (born 1962) is a Belgian cybersecurity expert, author, public speaker, and thought leader with nearly four decades of experience in malware research, cybercrime analysis, and cybersecurity advocacy. He is known internationally for his early involvement in identifying and mitigating some of the first ransomware threats, for co‑founding the European Institute for Computer Anti‑Virus Research (EICAR), and for his work in cybersecurity education through books, talks, and media appearances.

Willems was born in Belgium in 1962. He studied computer science at the Institute for Higher Education Brussels (IHB) and at the Vrije Universiteit Brussel (VUB), after which he began his professional career as a systems analyst in 1984.

He served as  Global Security Officer and Security Evangelist at G DATA from 2010^[1] until late 2024 where he was involved in anti-malware and security research, consultancy, training and communication programs with press, resellers and end-users. He founded his cybersecurity consultancy company WAVCi (Willems Awareness, Vulnerability and Cybersecurity Insights), in 2014 and has been working exclusively for his own company since late 2024, where he continues his work independently.^[2]

He started his career as a systems analyst in 1984, and while working at an insurance company he was challenged in 1989 by a Trojan incident, in fact a very early version of ‘ransomware’ malware, the AIDS Trojan Horse. His system got infected by inserting a (5.25’’) floppy with ‘aids/HIV’-related information (a questionnaire), resulting in a lock down of his system and a request to pay $189.^[3] Figuring out how to get around this malware kindled Eddy Willems’ interest in computer viruses and resulted in a well received solution for this Trojan malware. Furthermore, it kick started his anti-virus and anti-malware career.

Eddy Willems developed his career as security specialist initially at an insurance company (De Vaderlandsche – today part of P&V), followed by an added value distributor of security products (anti-virus expert at NOXS - a Westcon Group company) and at security software specialist Kaspersky Lab (Benelux, security evangelist).^[4]

As his expertise grew, Eddy Willems joined international computer security organizations. In 1991, he became a founding father of EICAR (the European Institute for Computer Anti-Virus Research).^[5] In 1995, he joined Joe Wells’ Virus Wildlist, reporting for Belgium, Luxembourg & for EICAR Europe. In May 2005, he became a board member of EICAR, as director of Press and Information. In 2009, he took up the position of director for Security AV Industry Relationships.^[6] Willems became a member and PR officer of AMTSO, the Anti-Malware Testing Standards Organization, joining its board in May 2012^[7] until July 2019. He was also a member of the AVAR (Association of Anti-Virus Asia Researchers) board from 2019 to 2024.^[8]

In Belgium, Eddy Willems was a member of the first government initiated e-security team, on the website of the telecom regulator BIPT-IBPT.^[9] In 2015, he joined the board of LSEC – Leaders in Security, an association grouping security companies active in Belgium and EU.^[10]

Eddy Willems is active on the speakers circuit, with presentations for companies and consumers, as well as at conferences (see Publications section).^{[2][11][12][13]}

He has been asked for comments and opinions by radio and TV-stations, both international (CNN,^[14] Al Jazeera^[15]), TRT World^[16] and national (Belgium: VRT,^[17] VTM^[18]), and national newspapers (De Standaard,^[19] De Morgen^[20]). Eddy Willems regularly publishes opinions in ict-magazines, as Data News (Belgium)^[21] and ZDnet.be.^[22]

Willems has worked with several security vendors and technology firms over the years, including roles as researcher and evangelist for companies such as Kaspersky, Westcon‑Comstor (NOXS), and G DATA CyberDefense.^[4][2]

Willems is the author and co-author of several books on cybersecurity for both technical and general audiences, including Cybergevaar (Dutch, Lannoo, 2013)^[23], Cybergefahr (German, Springer, 2015)^[24], Cyberdanger (English, Springer, 2019)^[25], and his science-fiction cyberthrillers Het Virus (Dutch, Lannoo, 2020)^[26] and The Virus (English, Lannoo, 2025)^[27], a cyber thriller about a catastrophic computer virus. He has also co-authored numerous papers for international cybersecurity conferences, including Virus Bulletin^[28] and AVAR, with notable contributions such as “Oops! It happened again” (Virus Bulletin, 2019)^[29] and “Fool Us! … 11 ‘Fools’ years later” (Virus Bulletin, 2021), reflecting his expertise in malware analysis and cybersecurity research.^[30]

Willems’ Laws are principles formulated by Willems to explain key dynamics in cybersecurity.^[31] The First Law states that the more popular a platform, the more it will be targeted by attackers. The Second Law expresses that cybersecurity problems (CSP) result from both technological factors (TF) and human factors (MF), summarized as CSP = TF × MF, highlighting the critical role of human behavior in creating security vulnerabilities.^[26][27]

Willems is a keynote speaker, having delivered talks, workshops, and presentations at major cybersecurity conferences worldwide, including Virus Bulletin, AVAR, EICAR, InfoSecurity, CeBIT, FIRST, and more. ^[31]

He spoke at TEDxKULeuven on 13 May 2021, an event themed “Entering a New Era” in Leuven, Belgium. At the event, he addressed issues related to cybersecurity in the context of rapid technological and societal change.^[32]

Willems has received multiple awards and honors for his speaking and contributions to cybersecurity, including best speaker awards at AVAR and AV‑Comparatives events and recognition as a contributor of the year from AMTSO, reflecting his influence and longtime involvement in the cybersecurity community.^[8][33]

• Willems, Eddy (September 22, 2020). "Het virus". Lannoo. ISBN 9789401467506. Retrieved 2026-02-05.
• Willems, Eddy (December 2, 2025). The Virus. Lannoo. ISBN 9789020957099.{{cite book}}: CS1 maint: date and year (link)
• Willems, Eddy (2013). Cybergevaar [Cyberdanger] (in Dutch). Netherlands: Lannoo. ISBN 978-9-401-412537. This is a book detailing the dangers and solutions regarding computer security,^[34] targeting a readership of consumers and small business. It sketched the history of computer viruses and malware, specific cases, as well as tips and solutions to protect against viruses and malware.^[35]
• Willems, Eddy (2015). Cybergefahr [Cyberdanger] (in German). Germany: Springer. ISBN 978-3-658-04761-0. This is an updated edition translated into German.^[36]
• Willems, Eddy (2019). Cyberdanger. Springer. ISBN 978-3-030-04531-9. An English edition of Cybergevaar (as 'Cyberdanger'), translated and updated, was published in June 2019.
• Major security white papers and articles include:
  • The original article on computer viruses in the Microsoft Encarta Encyclopedia (US Edition, 1997-2009, no longer available online).
  • Willems, Eddy (June 2003). "The Winds Of Change - Updates To The EICAR Test File (Article)" (PDF). Virus Bulletin.
  • "Teach your children well (Paper)". Virus Bulletin Conference 2005. (Co-authored by David Harley, Eddy Willems and Judith Harley.)
  • "Attacks from the Inside (Paper)". Virus bulletin Conference 2010.(co-authored by Eddy Willems and Righard Zwienenberg.)
  • "Test Files and Product Evaluation: the Case for and against Malware Simulation (Paper)". AVAR Conference 2010. 2 November 2013. (Co-authored by David Harley, Eddy Willems, and Lysa Myers.)

Eddy Willems is married and has a son.

• EICAR (formerly the European Institute for Computer Antivirus Research)
• AMTSO (Anti-Malware Testing Standards Organization)
• "LSEC (Leaders In Security)".
• "The WildList Organization International". Archived from the original on 2016-12-01. Retrieved 2017-07-31.

• www.anti-malware.info
• www.eddywillems.be