About

Alessandro Ortalda

Managing director · Cybersecurity strategy and policymaking lead

Alessandro has spent 10 plus years advising governments and international organisations on national cybersecurity strategy, governance and policymaking, maturity and risk assessment, and critical infrastructure protection. His clients range from ministers and senior policymakers to national cybersecurity authority directors and mid-level technical managers.

Before Experiree, he worked at global consulting firms on projects to establish national CSIRTs in African countries, implement SOC functions in international firms, and design risk assessment methodologies for European critical operators in finance and energy. He was previously Managing Director of the Brussels Privacy Hub.

Alessandro is a certified auditor for the Security Incident Management Maturity Model (SIM 3), ISO 27001, and ISO 22301. He served as Working Group Lead and Contributing Author for the Guide to Developing a National Cybersecurity Strategy, 3rd edition (2025), co-published by ITU, the World Bank, the African Union, and 30 plus international partners. He also contributed as Thematic Expert at the European Commission's Joint Research Centre on the EWZ4CIP project on critical infrastructure protection involving AI and biometrics.

Alessandro is also a long-standing advisor to the World Bank and the International Telecommunication Union, in his individual capacity.

selected publications

2025, Guide to Developing a National Cybersecurity Strategy (with ITU, World Bank, African Union, et al.)

2025, Anticipating compliance. An exploration of foresight initiatives in data protection (with S. Leucci and G. Rizzo), Computer Law & Security Review

2024, Redefining Systemic Cybersecurity Risk in Interconnected Environments (with G. Assenza and R. Setola), Applied Cybersecurity & Internet Governance

2023, World Bank Sectoral Cybersecurity Maturity Model (with O. Petrov, H. Mei-Zahav, et al.), World Bank

2023, Artificial Intelligence Human Rights Impact Assessment (with P. De Hert), Oxford University Press (in Artificial Intelligence and Human Rights)

2022, Report on the Adequacy of Identity Governance Transparency. GDPR, PIPEDA, and the Pan-Canadian Trust Framework (PCTF) (with M. Lizar), Digital ID & Authentication Council of Canada

2021, The European Commission Proposal Amending the eIDAS Regulation: A Personal Data Protection Perspective (with L. Jasmontaite and N. Tsakalakis), Brussels Privacy Hub

2019, Technical and Operational Issues Associated with Early Warning Zones for Critical Infrastructure (with S. Leucci et al.), European Union Joint Research Institute

2019, Digital Identity Roadmap Guide (with A. Rigoni, L. Russo et al.), United Nations International Telecommunication Union (ITU)

Stefano Leucci

Senior advisor · Data management and protection lead

Stefano has a legal and technical background in data protection, privacy governance, and critical infrastructure security.

Before joining Experiree, he was Technology and Security Officer at the European Data Protection Supervisor. He led the task force on the European Central Bank's digital euro project, coordinated the Financial Expert Subgroup of the European Data Protection Board, and created TechSonar (a foresight methodology applied by the EDPS). Earlier in his career, he was Data Protection Officer at a primary financial firm covering multiple European markets. He also served as Thematic Expert at the European Commission's Joint Research Centre on the EWZ4CIP project on critical infrastructure protection involving AI and biometrics.

He is currently also VP and Head of Data Governance and Protection at the Digital Technology and Data firm of a global automotive leader.

Stefano holds a Certified Information Privacy Professional (CIPP-E) qualification from IAPP, and a Certificate on Strategic Foresight from University of Houston.