Click the titles to see the information of the Winners

Team Information

  1. Dr. Andrew McCracken
    1. Role: Software Development Lead
    2. Bio: Dr. McCracken holds a Ph.D. in Engineering with 15 years of experience in AI-driven software development and large-scale GDPR-compliant cloud solutions. As a co-founder of DASK, he has led numerous projects focused on real-time data processing and security applications.
    3. LinkedIn: Andrew McCracken

       2. Dr. Nikolaos Tantaroudas

      • Role: Technical Project Manager
      • Bio: Dr Nikolaos Tantaroudas holds a Ph.D. in Engineering and an Executive MBA. Dr. Tantaroudas has extensive experience in managing multi-disciplinary teams and large-scale web cloud solutions. He oversees the technical execution and strategic direction of SentinelSphere.
      • LinkedIn: Nikolaos Tantaroudas

 Project Description: SentinelSphere

SentinelSphere is a cloud-based cybersecurity platform designed to enhance real-time threat detection, security event processing, and organizational situational awareness. The platform integrates predictive analytics, AI-driven incident forecasting, and a Traffic Light System to classify security risks, enabling both technical and non-technical users to assess cybersecurity threats effectively.

Key features of SentinelSphere:

  • Real-Time Threat Detection: Processes structured and unstructured security data in real-time, leveraging AI to classify and predict cyber threats.
  • Predictive Analytics & AI: Utilizes machine learning models to forecast security incidents with over 80% accuracy.
  • Traffic Light System (TLS): A user-friendly risk classification mechanism (Red: High Risk, Yellow: Medium Risk, Green: Low Risk).
  • LLM-Powered Chatbot: A knowledge-based AI assistant that provides explanations of cybersecurity incidents and recommended actions.
  • Data Lakehouse Architecture: Aggregates and analyzes over 100GB of security incident data for cross-organizational threat intelligence sharing.
  • Integration with ResilMesh: Seamlessly connects with ResilMesh via APIs for enhanced cybersecurity collaboration

Motivation for Participation in Resilmesh Open Call

The SentinelSphere team applied for the Resilmesh Open Call to contribute to the advancement of real-time cybersecurity resilience through innovative AI-driven event detection and collaborative threat intelligence.

Our key motivations include:

  • Enhancing Cybersecurity Situational Awareness: Many organizations struggle with fragmented and overwhelming cybersecurity data. SentinelSphere simplifies risk assessment and security incident visualization through an AI-powered dashboard.
  • Proactive Cyber Threat Forecasting: Current cybersecurity solutions focus on reactive measures. SentinelSphere integrates predictive analytics and real-time event processing to help organizations anticipate and mitigate threats before they escalate.
  • Alignment with ResilMesh’s Mission: ResilMesh emphasizes secure, decentralized cybersecurity collaboration. SentinelSphere directly aligns with this goal by integrating anonymized security event data across multiple organizations, enabling a shared cybersecurity defense ecosystem.
  • Scalability & Accessibility: SentinelSphere is designed to be easily adopted by both SMEs and large enterprises, ensuring accessibility and cost-effective cybersecurity resilience.

Team Information

Rafael Marin Perez (M)

Role: Project Coordinator & Senior Researcher in Cybersecurity & IoT/SCADA.

Short Bio: Rafael is Research Director in ODINS. He received his Ph.D. in Computer Science, at UMU in 2012. Since 2006, he worked as full-time researcher on more 20 international projects like NEPHELE, ANASTACIA, DIAC, Smart2B, Fed4IoT, PRECEPT, and DEMETER, in the fields of IoT/Edge/Cloud Computing and CyberSecurity/Privacy/Trust. He has coordinated several national and EU research projects (i.e. SISAGRI, GUARDIAN, DIAC, FlexUM, CYSEMA) based on its knowledge and skills in SCRUM-Agile methodologies and ProjectManagementProfessional (PMP) to guarantee cost-effective coordination and seamless collaboration with the Resilmesh consortium.

Links to CV/LinkedIn:

https://orcid.org/0000-0002-8521-1864

https://www.linkedin.com/in/rafael-marin-perez-ict-phd-pmp-scrum-729930173/

 

Ana Hermosilla (F)

Role: Senior Researcher in 5G/IoT, Cybersecurity and Orchestration.

Short Bio: Ana is a full-time researcher in ODINS. She is finalising his industrial PhD in ODINS with the collaboration of the University of Murcia. Since 2017 she has participated on several H2020 projects such as ANASTACIA, 5GINSPIRE and 5GAPS. She is currently working on the HorizonEU 6G-PATH project, focusing on designing, developing, and orchestrating secure 6G/IoT innovations for vertical applications in scenarios of Smart Cities and Agriculture. Her research is focused on Software Define Network, Function Virtualization, Resources Management and Distributed IoT/Cloud Orchestration.

Links to CV/LinkedIn:

https://orcid.org/0000-0001-6860-5100

https://www.linkedin.com/in/anahermosilla/

 

Jesús Sanchez (M)

Role: Senior Researcher in Cybersecurity for IoT devices and SCADA building system Short Bio: Jesús is a senior researcher at ODINS. He received his Ph.D. in Computer Science, at University of Murcia in 2021. Since 2018, he has participated on international projects like CYSEMA, IoTrust, H2020 Plug-n-Harvest, REWIRE, HYPER-AI, Smart2B. His research interests include Cybersecurity, privacy and trust in LPWANs, SCADA and IoT/Edge/Cloud applied to multiple sectors like Smart Cities and Precision Agriculture.

Links to CV/LinkedIn:

https://orcid.org/0000-0003-2673-3790

https://www.linkedin.com/in/jesus-s%C3%A1nchez-g%C3%B3mez-7946a6133/

 

María López Martínez (F)

Role: Junior Engineer in Software Development, IA and SCADA system.

Short Bio: María is a junior engineer in IA and SCADA systems at ODINS. María has a degree in Computer Science from UMU since 2022. And she has performed the master’s degree in AI/Bigdata from UMU in 2023. Since 2023, she has participated on HE projects such as HYPER-AI. She has worked on datasets, artificial intelligence models and distributed data computing applied to SCADA systems for Smart Buildings and Precision Agriculture. Miriam has specialised in the programming with Python, Java, JavaScript, HTML5/CSS, C++.

Link to CV/LinkedIn:

https://www.linkedin.com/in/mar%C3%ADal%C3%B3pez-mart%C3%ADnez-761700219/

 

Manuel Mora González (M)

Role: Senior Engineer in Software Development, IoT/SCADA & Smart City

Short Bio: Manuel is a senior engineer at ODINS. He has a degree in Computer Science from UMU since 2001.

He is working at ODINS since 2021 in different areas such as Systems Development for Smart City & Precision Agriculture, I+D+i research, and Cybersecurity. He has participated on several H2020 (i.e. DEMETER, PRECIMED, WATERMED) and national (i.e. OASIS, SISAGRI, GUARDIAN, DIRELMIVID, ESCIPION) projects, related to agri-food traceability, modernisation of irrigation and infrastructures, and IoT/SCADA solutions.

Link to CV/LinkedIn:

www.linkedin.com/in/manuel-mora-gonzález-5005a25

 

Project description

Nowadays, modern smart buildings become increasingly interconnected, and their operational technology (OT) networks and supervisory control systems (SCADA) are vulnerable to evolving cyber threats. The SEBURE (“SEcuring smart BUilding by enhancing OT networks and SCADA system with software actuators, REsilmesh mitigation, orchestration and enforcement”) project addresses this challenge by demonstrating the effectiveness of Resilmesh mitigation, orchestration, and enforcement operations within the OT domain, enhancing the cybersecurity framework of smart buildings managed by a SCADA system through innovative expansions to the Resilmesh Security Control plane producing two innovative outcomes for safeguarding the critical infrastructures, ensuring that smart buildings remain secure in the face of an evolving threat landscape. On the one hand, the project will introduce Mitigation Playbooks, designed to handle emerging cyber-attack types, backed by a new attack detection dataset with data collected during the project, that will optimize incident response strategies, ensuring that both known and unknown threats are effectively addressed. On the other, the project will develop novel Software Actuators tailored specifically to enforce cybersecurity actions in SCADA systems and the OT network that will respond dynamically to identified threats, enhancing real-time system defence. Finally, these SEBURE project innovations will be integrated within the Resilmesh platform.

Motivation for Participation in the Resilmesh Open Call

ODINS, an innovative SME in the ICT sector accredited by MINECO, ANCES and EU DigitalSME Alliance, has had from the beginning a strong interest in participating in the open call of the Resilmesh project. With a strong R&D track record in key areas such as IoT/6G, Edge/Cloud distributed computing, cybersecurity and AI data analytics, demonstrated in more than 40 research and innovation projects funded by H2020, HorizonEU, PRIMA, CDTI and AEI, ODINS is ideally positioned to contribute significantly to Resilmesh’s objectives. Our experience in the design and development of secure and interoperable products, including IoT devices, SCADA systems and AI-based services, for the management of infrastructures such as smart buildings, allows us to deeply understand the cybersecurity challenges faced by OT and SCADA systems in these scenarios. The increasing interconnectedness of these environments makes them particularly vulnerable to evolving cyber threats, and Resilmesh offers a crucial opportunity for ODINS to address these challenges. SEBURE will also open up possibilities for extending the building system in order to successfully address new niches in secure smart buildings market that represents an excellent business opportunity.

Team Information

Xilbi Sistemas de Información SL (XILBI)(https://www.xilbi.com/)
Xilbi Sistemas de Información SL (XILBI) is a Spanish IT technology provider, specialising in edge computing, cloud-native software, operating systems, and IoT applications. The organisation applies AI, XR, and cybersecurity expertise to develop robust solutions for critical infrastructure. It has participated in EU-funded R&I programmes under FP6, FP7, H2020, and Horizon Europe, among others. XILBI is also active in standardisation processes and commercial projects for renewable energy. Recognition includes the 2021 Copernicus Prize Catalonia/Spain for a PV fault detection and forecasting initiative.

Team Lead:

Pedro Branco, CEO, Founder & Project Coordinator (https://www.pedrobranco.com/)
Short Bio: Holds an MSc in Informatics Engineering and has over two decades of experience in ICT, IoT, and cyber-physical security. Has coordinated multiple EU-funded and ESA-funded projects, focusing on resilient system integration and data-driven solutions.

Fotovoltaica Macotera SL (FOTOMACO)(https://fotovoltaicamacotera.com/)
Fotovoltaica Macotera SL (FOTOMACO) is a Spanish SME active in renewable energy, agriculture, and tourism. It manages a photovoltaic power plant, providing both self-consumption electricity and surplus energy to the public grid. Agricultural operations cover 400 hectares of almond, pistachio, and maize fields, enhanced by IoT-based irrigation and resource monitoring. FOTOMACO has been involved in EU-funded projects focused on automation, energy management, and data-driven agritech. Industry collaboration supports ongoing innovations in sustainable energy production and advanced farming practices.

Team Lead:

Gregorio Sanchez, CEO, Founder & End-User Lead
Short Bio: Manages a photovoltaic power plant and oversees multiple R&D projects in renewable energy, agriculture, and tourism. Has extensive experience in European innovation programmes.

Project description

Project Acronym: RISE
Project Title: Resilient Intelligent Secure Energy Infrastructure
Selected Challenge: Extension to New Domains and Systems (Open Call 1)

The RISE project extends the Resilmesh platform’s capabilities to photovoltaic (PV) installations. Renewable energy facilities, particularly PV sites, are critical components of the energy grid but face unique vulnerabilities to both operational disruptions and cyber-attacks. RISE integrates:

  • Real-time Monitoring Agents and Edge Computing for immediate data collection and analysis.

  • AI-Driven Anomaly Detection that leverages both historical and real-time operational data, including Copernicus satellite information.

  • Secure Data Protocols to ensure end-to-end encryption, privacy safeguards, and resilience against cyber-physical threats.

The consortium involves Xilbi Sistemas de Informacion SL (XILBI) as a technology provider and Fotovoltaica Macotera SL (FOTOMACO) as the end-user, with validation occurring at a real-world photovoltaic facility. The RISE prototype will achieve TRL5, with the flexibility to adapt for other renewable domains such as wind and tidal power.

Objectives:

  1. Integration of PV Infrastructure with Resilmesh: Facilitate seamless data flow between PV systems and the Resilmesh platform.

  2. AI-Driven Threat Detection: Implement AI to identify operational anomalies and cyber intrusions in real time.

  3. Dataset Contribution: Introduce new PV-oriented datasets (including synthetic cybersecurity scenarios) for Resilmesh’s AI training.

  4. Real-World Validation (TRL5): Evaluate the integrated solution’s robustness and security performance in a functioning PV site.

Motivation for Participation in the Resilmesh Open Call

Participation in the Resilmesh Open Call 1 reflects a commitment to fortifying renewable energy infrastructures against both natural disruptions and malicious cyber-physical incidents. Key drivers include:

  • Enhancing Critical Infrastructure Resilience: Guaranteeing stable power generation and robust cyber defences in distributed energy systems.

  • Contributing Domain Expertise and Data: Offering diverse PV datasets, security scenarios, and operational insights to reinforce Resilmesh’s AI anomaly detection engines.

  • Promoting Collaboration and Innovation: Supporting knowledge exchange within the Resilmesh ecosystem to facilitate broader applications in solar, wind, or other renewable energy contexts.

Team Information

Christos Stefanatos (M)

(Parity Platform P.C.)  Christos, Mechanical Engineer (MSc) Product manager for Parity Platform.He has multi-year product management experience and leads internal team of software engineers to develop EV Loader.  Within the project he is liaising with CPOs and property owners, collecting feedback on privacy concerns and collaborates with software engineering team to define roadmap for new features.

https://www.linkedin.com/in/christosstefanatos/

Egidija Versinskiene (F), L3CE, Lithuanian Cybercrime Center of Excellence for Training, Research   Egidija Versinskienė is a cybersecurity specialist with extensive experience in network security, cyber threat analysis, and penetration testing. She has participated in several major European cybersecurity projects, where she focused on securing critical infrastructure and operational technology (OT) environments.

Project description
The Charge Cyber Secure (CCS) project aims to extend and adapt the Resilmesh framework to the rapidly growing EV charging infrastructure by developing and deploying an interoperable and open source cybersecurity framework specifically designed for the EV Charging domain. The project partners are Parity Platform, software development SME that has developed EV Loader a software platform that helps business and property owners remotely monitor and earn revenue from EV Charging Stations, and L3CE (Lithuanian Cybercrime Center of Excellence for Training, Research & Education), experts in cybersecurity testing and evaluation. 

Motivation for Participation in the Resilmesh Open Call
The Charge Cyber Secure (CCS) project aligns directly with the objectives of the Resilmesh Open Call by extending detection capabilities of Resilmesh to a critical and rapidly evolving OT domain: EV Charging Station (EVCS) Infrastructure

Click the titles to see the information of the Winners

AuraSec: Predictive Analytics and Tactic-Evasion (XAI) for ResilMesh AuraSec is a smart predictive AI module designed to connect seamlessly with the ResilMesh Cyber Situational Awareness (CSA) platform. Our solution addresses a critical vulnerability in modern Command-and-Control and financial infrastructures: the reliance on reactive threat detection. By utilizing a hybrid architecture that combines deep temporal learning, graph analysis, and probabilistic reasoning, AuraSec anticipates cyberattacks and forecasts attacker tactics before they materialize. Furthermore, it incorporates a robust Explainable AI (XAI) layer, providing human operators with interpretable, confidence-scored insights in real time to reduce operational risk and ensure mission continuity.

Our motivation for participating in the ResilMesh Open Call 2 is rooted in a fundamental operational necessity: Europe must transition from a reactive cybersecurity posture to an anticipatory one. In a landscape where adversaries deploy increasingly stealthy, multi-vector, and silent tactics, simply responding to alerts is no longer enough to protect our critical infrastructures.

We joined this Open Call to push the boundaries of current AI capabilities by building a system that not only predicts complex threats but completely transparently explains its reasoning to the human operators defending our networks. By integrating AuraSec into the ResilMesh ecosystem, we aim to provide tactical foresight, empowering defenders to neutralize threats proactively. Ultimately, our goal is to strengthen European technological sovereignty and ensure that our critical systems remain resilient, adaptive, and always one step ahead of the adversary.

Esteban Vázquez Ferreiro – Project Lead & Governance Expert Esteban is the Co-founder of Tesla Technologies and Software, S.L.. He holds a Master’s degree in Project Management and a Bachelor’s degree in Technical Engineering, Computer Science and Systems from the University of Santiago de Compostela. He brings extensive expertise in full-stack engineering and project coordination to ensure technical and ethical compliance.

Antonio Varela Nieto – Technical Architect & Lead Developer Antonio is a Co-founder, CTO, and Information Security Manager at Tesla Technologies. He holds a Bachelor’s degree in Technical Engineering in Computer Science and Systems, alongside a Master’s degree in ICT Security. He possesses official certifications in Python, Docker, and Oracle Java.

Silvia Mancebo Cobos – XAI Lead & Developer Silvia serves as a Programmer at Tesla Technologies. She holds a Degree in Computer Engineering and specializes in software analysis and development. She will lead the design and integration of the explainable AI (XAI) layer to ensure operator trust.

Daniel Blanch Muñiz – Testing & Piloting Specialist Daniel is a Technical Specialist in Industrial Electronics. He brings decades of practical experience from his extensive career at Telefónica, where he managed network infrastructures, operations, and technical plant maintenance.

Roberto Pérez Rodríguez, Communication & Exploitation Lead: Roberto holds a degree in Technical Engineering of Telecommunications. He has a strong background in technology intelligence and ecosystem coordination, having served in management and technical roles at Cluster TIC Galicia for several years.

The project EdgeGuard (Graph-Augmented xAI for Threat Intelligence on Edge Infrastructure), addresses the critical need for transparent, auditable threat intelligence for organizations with limited cybersecurity resources. Led by IICT-BAS in collaboration with their partner Ratio1, they are deploying a hybrid architecture that combines symbolic knowledge graphs with fine-tuned language models directly on edge infrastructure. This system transforms raw security alerts into clear, actionable recommendations that enable analysts to trace incident chains and respond effectively without relying on opaque cloud platforms.

Their motivation for participating in the Resilmesh Open Call is to validate these novel algorithms in a robust, decentralized environment. By leveraging Ratio1’s specialized edge cloud capabilities and commercial expertise, they aim to bridge the gap between advanced research and practical application, ensuring our solution effectively democratizes cyber defense while meeting the rigorous demands of critical infrastructure.

The Institute of Information and Communication Technologies, Bulgarian Academy of Sciences (IICT-BAS), is Bulgaria’s leading research institution in ICT. Within the Department of Modeling and Optimization, we focus on enhancing decision-making support systems, analyzing complex systems, and optimizing multi-source data. Their team specializes in IoT, cloud architectures, and machine learning models for classification and behavioral pattern analysis. Additionally, they explore the use of Large Language Models (LLMs) for red-teaming tasks, particularly in high-stakes fields such as education, cybersecurity, and national security.

Ratio1.ai (Naeural SRL, Romania) is a Romanian SME building a decentralized AI “meta-OS” that enables development, deployment, and operation of AI workloads across heterogeneous edge environments using blockchain coordination and containerization. Within EdgeGuard, Ratio1 acts as the end-user/technology adopter and integrator, contributing the deployment fabric and core services such as Deeploy (smart-contract-driven orchestration for container workloads) and dAuth (decentralized authentication for secure node identity), enabling zero-trust, resilient rollouts across multiple edge sites.

Professor Atanasova is the Head of the Department of Modeling and Optimization at IICT-BAS. Her background includes a Dipl. Eng. in Automatics and a PhD in Technical Cybernetics. She has decades of experience at the intersection of complex control, knowledge-based systems, and semantic technologies. Having coordinated BAS-RAS collaborations and led Bulgarian participation in FP6 and other European initiatives, she brings extensive experience in distributed systems and model-based optimization. In this project, she provides the mathematical and algorithmic backbone, leading the formalization of objectives for fidelity, stability, and calibration.

Kalin Kopanov is a researcher at the Modeling and Optimization Department at IICT-BAS. He holds over 15 years of experience in national security, with expertise in social media analysis, data mining, and disinformation analysis. He specializes in AI research and development, natural language processing, AI ethics, and bias mitigation, effectively bridging practical security experience with cutting-edge research.

Andrei Ionut Damian, PhD, is the founder/CEO of Ratio1.ai and an Associate Professor at the Polytechnic University of Bucharest, with a career spanning applied AI research, MLOps, and production-grade delivery of AI systems across industry and academia. In EdgeGuard, he leads on-edge MLOps research and engineering, shaping the ML/DL architecture, decentralized orchestration, and DevOps practices needed to run GraphRAG and xAI capabilities securely and reliably on distributed edge infrastructure.

Cristian Bleotiu is a Ratio1 Data Scientist and ML/DL engineer specializing in NLP and compact language/reasoning models suitable for edge deployment, with hands-on work spanning model engineering and synthetic data workflows. He is a co-author of various Ratio1’s research in the area of decentralized AI and, in EdgeGuard, contributes ML/NLP expertise and synthetic data engineering to support accurate, efficient threat-intelligence enrichment and explainable outputs under real edge constraints.

Bogdan Ionescu is a ITSec professional at Ratio1/Naeural who brings an analyst-first Security Operations (SOC) perspective to EdgeGuard delivery and validation. As SOC Analyst & Validation Lead, he drives use-case definition and acceptance criteria, coordinates synthetic and production validation (including user-study inputs), and provides continuous feedback to ensure the solution fits real incident triage and threat-intelligence workflows.

CHAMELEON: Adaptive Resilience and Pod Defense for the Connectivity Mesh
The CHAMELEON project introduces a next-generation cybersecurity solution that transforms how Kubernetes environments handle resilience and defense. Moving away from heavy, traditional service meshes, CHAMELEON utilizes a lightweight, sidecar-less architecture based on NATS messaging. Its core innovation, the Chameleon Pod Defense (CPD) framework, implements Moving Target Defense principles by continuously and randomly recycling application containers (pods) and embedding honeytokens. This creates an unpredictable, self-healing runtime environment that disrupts attacker persistence and lateral movement while ensuring zero-downtime service continuity.

“Our motivation to participate in the Resilmesh Open Call stems from a desire to shift cybersecurity from a reactive stance to a proactive, adaptive one. At Sunesis, we identified that current Kubernetes service meshes often introduce unnecessary complexity and latency (sidecar overhead) while remaining static targets for cyber threats.

We see the Resilmesh ecosystem as the ideal environment to validate our CHAMELEON solution—a lightweight, NATS-based mesh that integrates Moving Target Defense. By aligning with Resilmesh’s challenge to extend connectivity to new domains, we aim to demonstrate that digital infrastructure can be both highly efficient and inherently hostile to attackers. This collaboration allows us to bring our expertise in cloud-native orchestration (from projects like HEADLIGHT and INTERSTORE) to a broader European resilience framework, directly supporting the NIS 2 Directive’s goals for critical infrastructure protection.”

Role: Project Manager
Dr. Eva Zupančič holds a PhD in Computer Science from the University of Ljubljana and serves as the CEO of Sunesis. With a track record of over 10 national and EU projects focused on IT and digitalization, she provides strategic guidance, project management, and leads business development for the CHAMELEON project.

Role: Technical Lead
With over 30 years of industry experience and a PhD in Computer Science, Dr. Frece brings deep technical expertise to the team. He was the core developer in the INTERSTORE project, where he developed the NATS-based messaging systems that serve as a foundation for CHAMELEON.

Role: Software Developer
Dimitar Stefanov holds an MSc in Computer Science and serves as the main technical developer. As the former lead developer of the HEADLIGHT project, he brings specialized expertise in Kubernetes orchestration and deployment, essential for the technical execution of CHAMELEON.

X-MESH extends the Resilmesh platform by delivering a standards-based Interworking Mesh that enables seamless cooperation between internal Resilmesh components and external cybersecurity tools. The project operationalises Open XDR Architecture (OXA) principles using Meshroom as a declarative onboarding and interoperability layer.

At its core, X-MESH introduces a CACAO-native SOAR environment that integrates playbook authoring and execution, enriches them with STIX/TAXII-based cyber threat intelligence, and enforces them through OpenC2 command execution. Security alerts can automatically trigger machine-readable playbooks, which enrich context from intelligence platforms and execute structured mitigation commands across heterogeneous systems.

A key innovation of the project is an AI-assisted integration mechanism capable of parsing OpenAPI specifications to automatically generate and maintain CACAO-based connectors. This drastically reduces integration time, complexity, and cost and ensures sustainable, self-updating interoperability across tools and domains.

The outcome is a vendor-neutral, plug-and-play orchestration fabric that enhances situational awareness, coordinated response, and automation maturity within and beyond Resilmesh.

The Resilmesh Open Call represents a concrete opportunity to demonstrate how open standards can move from specification to operational reality. The Interworking Mesh challenge directly aligns with Cyentific’s long-term vision: enabling collaborative, machine-readable, and automated cyber defense through interoperable architectures rather than proprietary silos.

Participating in Resilmesh allows us to validate and showcase a practical implementation of Open XDR principles within a European ecosystem, contribute reusable open-source artefacts, and strengthen alignment with EU regulatory objectives such as coordinated incident response and cross-border collaboration.

Their motivation is straightforward: help organizations reduce fragmentation in cybersecurity operations, lower integration barriers for organizations of all sizes, and prove that standards-based automation can deliver measurable improvements in resilience, scalability, and collective defense.

Chief Innovation Officer

Mateusz Zych is a Director at Cyentific AS, managing its innovation activities. He specialises in standards-based security orchestration and AI-driven automation for Security Operations, focusing on transforming open standards such as CACAO, OpenC2, and STIX/TAXII into operational, machine-readable playbooks and executable response mechanisms.

He has extensive expertise in architecting interoperable systems, designing declarative integration layers, and building automation frameworks that connect threat intelligence with enforceable mitigation actions. As a leader, Mateusz combines strategic vision with hands-on technical execution, guiding multidisciplinary teams from concept to validated implementation while maintaining alignment with open standards and ecosystem best practices.

Through active engagement in international cybersecurity standardisation efforts, he ensures that innovation is not isolated but embedded within globally recognised frameworks. His leadership approach emphasizes technical rigor, long-term sustainability, and vendor-neutral design, delivering scalable, reusable solutions that strengthen collaborative, automated cyber defence.

Trainee Software Developer

Kamil Maciag is an early-stage software developer and second-year IT student with a strong interest in backend systems and cloud-based architectures. He has worked with technologies such as C#, Java, JavaScript, Spring Boot, .NET, Azure, Docker, and Git, and enjoys building structured, reliable solutions to real technical problems.

He is analytical, disciplined, and comfortable contributing within collaborative development environments. Kamil is particularly motivated by improving system design, writing maintainable code, and understanding how modern backend and cloud components interact in production environments. His focus is on developing technical depth and engineering maturity through hands-on implementation.

Intern onboarded for X-MESH

Safin Doski Hassan is a Bachelor’s student in IT and Information Systems with a strong interest in cybersecurity and full-stack development. His academic focus combines software engineering with information security, including networking fundamentals, authentication mechanisms, encryption, and secure system design.

He works with technologies such as Python, Java, JavaScript, React, Node.js, SQL, and MongoDB, and has experience building structured user interfaces while understanding backend logic and data flows. Safin approaches projects with curiosity and a security-oriented perspective, focusing on how software design decisions affect resilience and trust.

He is particularly interested in how interoperability, automation, and cybersecurity standards translate into practical implementations, using the internship as an opportunity to deepen his understanding of secure system integration and applied cyber defence.

Dr. Vasileios Mavroeidis provides Cyentific with innovation thought leadership and strategic guidance on the ethical and responsible use of AI in cybersecurity, emphasizing privacy, transparency, and accountability. A Professor of Cybersecurity, he brings extensive expertise at the intersection of cyber threat intelligence, security automation, artificial intelligence, risk management, and collective defence. His work focuses on strengthening organizational resilience and enabling the practical implementation of major European cybersecurity frameworks, including NIS2, the Cyber Solidarity Act, and the Cyber Resilience Act.

An internationally recognized contributor to global cybersecurity standards, he serves on the Board of Directors of OASIS and has been named an OASIS Distinguished Contributor for advancing open standards and open-source initiatives. Since August 2025, he has been a member of the ENISA Advisory Group, advising on strategic cybersecurity priorities at the European level. Through his leadership in international standardization efforts—including the Collaborative Automated Course of Action Operations and Threat Actor Context standards—he helps shape the future of automated, interoperable, and intelligence-driven cyber defence.

Project acronym: RUBICON
Title: Robotics UEBA for Industrial Cyber Operations and Networks
Resilmesh Open Call: Open Call 2 – Challenge C2 (New Analytic Algorithms and Architectures)

RUBICON is a robotics-aware User and Entity Behaviour Analytics (UEBA) module designed to enhance cyber-resilience in smart manufacturing environments where human operators, collaborative robots (co-bots), AGVs, PLCs, and OT networks interact. It shifts detection from static Indicators of Compromise (IoCs) to dynamic Indicators of Behaviour (IoBs) by learning normal sequences and detecting deviations that may indicate misuse, compromise, or malfunction.

The solution is built to integrate with the Resilmesh SOAPA/NDR architecture, ingesting and normalising multi-source telemetry. RUBICON applies MITRE D3FEND-aligned behavioural analytics, notably:

  • Network Traffic Analysis (NTA) to identify unusual communication patterns between robots/controllers and endpoints.
  • Resource Access Pattern Analysis (RAPA) to profile user/service access patterns and flag out-of-role or out-of-window access attempts.

RUBICON will deliver a TRL-6 prototype integrated into Resilmesh, validated in a live pilot at NEVULI’s factory, with measurable KPIs (including expected MTTD reduction, controlled-scenario detection performance, and bounded analytics overhead). It also contributes an anonymised behavioural dataset (multi-modal events and labelled IoB sequences) and practical deployment guidance for industrial contexts.

Our motivation to participate in Resilmesh Open Call 2 is to strengthen Resilmesh’s capability for behaviour-driven detection in cyber-physical manufacturing systems, where conventional IT-centric UEBA and signature-based OT monitoring are insufficient.

Specifically, RUBICON addresses Challenge C2 by:

  • Extending Resilmesh analytics into robotics-enabled industrial operations, where human-machine-network interactions create complex behavioural dynamics.
  • Operationalising IoB-centric and D3FEND-aligned detection methods that improve precision and explainability in OT/IIoT environments.
  • Producing a validated, integrated TRL-6 module and a curated dataset that can be reused by the Resilmesh ecosystem for reproducibility and cross-domain adaptation.

OBSIDIAN is an applied R&D organisation focused on cyber-resilience, secure digital infrastructures, and AI-enabled analytics for industrial and cyber-physical systems. In RUBICON, OBSIDIAN leads the technical development and integration of the robotics-aware UEBA module, including data ingestion/normalisation, behavioural analytics, and interoperability with the Resilmesh platform.

NEVULI is an industrial end-user and pilot-site operator with hands-on experience in smart-manufacturing operations and the deployment of automation assets such as collaborative robots and AGVs. In RUBICON, NEVULI provides the real operational environment for validation, coordinates pilot execution and KPI verification, and supports access to representative OT/robotics telemetry required to test and demonstrate the UEBA module under realistic conditions.

Short bio: Holds a Master of Science (MSc) in Informatics Engineering and brings over 20 years of professional experience in cyber-physical security, AI systems, and industrial digitalisation. As RUBICON’s coordinator, he leads the overall technical development and integration of the UEBA module within the Resilmesh platform, ensuring interoperability with OT and robotics systems. He has successfully coordinated multiple projects for the European Space Agency (ESA), the European Commission (EC), and the private sector, combining deep technical expertise with strong leadership in research, innovation, and system deployment.

Short bio: Holds a Degree in Accounting and Financial Management with experience in industrial operations and project coordination. In RUBICON, oversees NEVULI’s pilot activities, manages resource allocation and scheduling, and ensures smooth integration of the factory’s co-robots and AGVs with OBSIDIAN’s analytics. Responsible for on-site validation, ethical compliance as Data Controller, and KPI verification during pilot tests, while maintaining quality assurance and documentation for reproducible project results.

Resilmesh
Powered by  GDPR Cookie Compliance
Privacy Overview

TERMS OF USE - COOKIES POLICY - DATA PROTECTION POLICY

TERMS OF USE

The RESILMESH project website https://ResilMeshproject.eu/ is owned by the RESILMESH Consortium and managed by the Center for Security Studies (KEMEA), as a Consortium member.

RESILMESH is a research project that has received funding from the EU-funded HORIZON project under grant agreement no. 101119681. The project started on 1 October 2023 and is scheduled to end on 30 September 2026. The RESILMESH consortium consists of 11 leading partners in the area of cybersecurity defence and AI (7 academic institutions and 4 industrial partners) and 3 critical infrastructure operators.. The present website is part of the dissemination and communication activities undertaken by the RESILMESH consortium with the aim to successfully communicate its research outputs on a rather innovative topic to a wider public and facilitate the creation of synergies with interested stakeholders.

This website can provide all (hereafter referred to as ‘users’/‘visitors’) with information, participation, content delivery, or content collection services regarding the project RESILMESH, under the terms of use included in this document.

The website is the sole responsibility of the Parties of the Consortium and cannot be considered to reflect the views of the European Commission. The use/visit of this website and/or its services is provided under the unconditional acceptance of the terms of use described herein. Navigating through this website, staying on this website, creating links to it (URL) or to its files/services, and archiving/bookmarking it, constitute acceptance of its terms of use.

The use of the website must be conducted solely under legitimate purposes and in a manner that does not restrict or impede its use by third parties. The user/visitor of this website is obligated to use it in accordance with the law and the present terms of use. The user/visitor of the website shall not commit any acts or omissions that may cause damage or malfunction and may adversely affect or endanger the provision of services provided through the website to citizens.

The content of the website, including (indicatively and not exhaustively) texts, graphics, images, videos, sounds, services, etc. (hereafter referred to as ‘Content’) is legally protected under the applicable Intellectual Property Rights legal framework and we reserve all rights of use and ownership of the Content, all copies created based on it, as well as all intellectual property rights and all other property rights pertaining to it.

We make reasonable efforts to ensure that the information and content that appears on the website is as accurate, true and up-to-date as possible. It also provides the content (e.g., information, names, photographs, pictures, images, data, etc.) and the services made available through the website ‘AS IS’. Under no circumstances, can we be held liable for any legal claims, civil or criminal, or damages of any kind (direct loss, special damage, or indirect loss) to the user/visitor of this website.

The website may contain links to third-party websites for the sole purpose of providing information to the user/visitor. The referral to links belonging to third-party websites does not constitute an endorsement of their views and actions or the acceptance of the content they express, publish or post. Third-parties – owners of the websites/responsible under the law – are solely responsible for the content of their websites or for any damage that may result from their use when the user / visitor of the Website gains access to them.

We make all efforts to ensure the proper function of our network but we do not guarantee that our server operations will be uninterrupted or error-free, free from viruses, malicious software or other similar elements.

The terms and conditions of use of this website, as well as any amendment thereof, are governed by and supplemented by the applicable national and European law and the applicable international treaties. Any provision of these terms which is found to be against the above legal framework or is rendered invalid ceases to be valid and enforceable and shall be withdrawn from the present terms, without in any way undermining the validity of the remaining terms.

The terms and conditions of use of this website constitute the overall agreement between the Consortium and the users/visitors of its webpages and services and bind solely them. No modification of the terms of use is taken into account and is part of this agreement, unless it is expressed in writing and is incorporated in the present Terms of Use. Unless otherwise stated on this website, the above terms of use are immediately applicable in their entirety. We unilaterally reserve the right to modify, add, alter the content or services of the Website and its terms of use, whenever it deems necessary, without prior notice, through this website, always within the legal framework in force.

You may access the website https://ResilMeshproject.eu/ without having to disclose any data about your person. Nevertheless, the installed browser on your device sends automatically information to the server of the RESILMESH website, including information about your browser type and version, as well as the date and time of access, so as to establish a connection and permit your access to the website.

COOKIES POLICY

We use cookies and analytics services to maintain and monitor the performance of the RESILMESH website and to optimize our services, as well as to receive aggregate data that we can use in our dissemination reports for the European Commission.

Cookies are data files that are transferred from a web server to the Website visitor’s computer, in order to keep statistics and to provide the best experience to the visitor – strictly necessary and functional cookies. Cookies are an industry standard used by most websites to facilitate the user’s repeated access to a website and its use through the personalisation of the service provided as they can store the personal choices of the user. Cookies are not harmful to the user’s computer system or its files, and apart from the user himself/herself/themselves, only the website from which a particular cookie has been transferred to his or her or their computer can read, modify it or delete it.

If the user/visitor does not wish his or her or their information to be collected through cookies, he or she can use the “reject” option on banner. It should be noted, however, that discarding cookies may result in making it more difficult or impossible to use certain parts of the Website, and/or that there is a change in its intended appearance and operation, as a permanent connection will be required. At all events, the user/visitor can manage the collection of any cookies through the website’s settings.

We shall contain such data in hardcopy and electronic files and/or databases in full compliance with data protection legislation, including security and confidentiality requirements based on the principles of good practice, proportionality and transparency regarding processing.

The RESILMESH website will use the Matomo for WordPress plugin. Matomo is an open-source web analytics platform. A web analytics platform is used by KEMEA (the website owner), in order to measure, collect, analyse and report visitor’s data for dissemination and reporting of the project purposes. For more information, we advise you to visit: https://matomo.org/ . Matomo settings are customized, so that the visitor’s IP address is anonymized.User ID tracking and content tracking are disabled. We have also disabled first -party analytics cookies and all third-party cookies . Essential non-analytics cookies may be created, for which you will be asked to consent. You may choose to prevent this website from aggregating and analysing the actions you take here. For that reason, you will be asked whether you opt-in or out of tracking.

Please, note that you will be asked to consent on the use and storage of cookies and/or trackers.

DATA PROTECTION POLICY

The present data protection policy clarifies in a layered manner the processing of personal information of visitors of the RESILMESH project website. The data processing on the RESILMESH website is pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation), Greek Law 4624/2019 on the protection of personal data and any other applicable law.

  1. Data Controller

The Data Controller is the Center for Security Studies (KEMEA) with offices in Athens, at P. Kanellopoulou str., 4, 10177 Greece. The Data Controller can be contacted by writing to the address above or by sending an e-mail message to kemea@kemea.gr , or by calling at Telephone: +30 2107710805 or sending a Fax at Fax number:  +30 211 100 4499.

  1. Data Protection Officer (DPO)

KEMEA’s Data Protection Officer may be reached at dpo@kemea-research.gr in case you have any question about the processing of your data when using the RESILMESH website or you wish to exercise any of your rights as a data subject.

  1. Types of personal of personal data to be processed:
  • When visiting the RESILMESH website

The IT systems and applications designated for the operation of this Website detect, during the course of their ordinary operation, certain data – the transmission of which is implicit in the use of Internet communication protocols – not associated with directly identifiable users.

The data collected may include cookies, IP addresses of computers used by users connecting to the site, the URI – Uniform Resource Identifier – addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (completed successfully, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

  • When filing a question/request via our contact form

Other personal data collected are those provided by the user/visitor when corresponding with the e-mail addresses indicated on our website or when filling our online contact form or registering on the website (providing e.g., name, surname, username, password, e-mail address, institution/body etc.).

The sending of personal, non-mandatory data also by email on an optional, explicit and voluntary basis to the addresses indicated on this website means that the address of the sender is then acquired, this being necessary in order to respond to the request, together with any other personal data included in the message.

  1. Purposes of processing

The personal data of the user/visitor are processed for the following purposes:

  • communication for responding to any requests/questions submitted by the user/visitor,
  • security and proper functioning of the RESILMESH website,
  • dissemination of the RESILMESH project and its results, invitation to other relevant activities
  • compliance with legal or administrative obligations.
  1. Legal basis

The data processing takes place according to Article 6(1)(a) GDPR, your informed consent. You may withdraw your consent at any time with future effect, by sending an informal email to dpo@kemea-research.gr. We may also process personal data based on Article6(1)(c) GDPR, when the processing is necessary for our compliance with a legal obligation.

  1. Data recipients

Data recipients of:

  • Information that the Consortium is obligated or entitled by law, contract, judgement and regulatory decision to notify may be: public and independent administrative authorities, judicial authorities and public officials.
  • All the information necessary for the achievement of each specific purpose: the Administration and the relevant services of KEMEA and the RESILMESH

KEMEA and the RESILMESH Consortium shall not disclose, assign, exchange, grant or otherwise dispose, without the consent of the user/visitor, to third parties, natural or legal persons, personal data other than the cases mentioned above within the scope of national laws provisions and the General Data Protection Regulation.

  1. Data transfer

No transfer to non- EU countries/ international organizations is foreseen.

  1. Rights of the data subject

You have the following rights:

  • pursuant to Article 7(3) GDPR, you have the right to withdraw your consent at any time and without any consequences for you. This means that in future we may no longer continue to process the data if the processing is based on this consent;
  • pursuant to Article 13 ,14 and  15 GDPR, you have the right to obtain information about whether your personal data are processed by us and where that is the case, access to those personal data. In particular, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information : the purpose of processing, the categories of the personal data, the categories of recipients, to whom your data has been or is disclosed to, the storage period planned, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint and the source of your data if it has not been collected by us. Pursuant to Article 12 GDPR, we must provide any communication relating to the processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
  • pursuant to Article 15 GDPR, and in case your personal data are processed by us, you have the right to access those personal data.
  • pursuant to Article 16 GDPR, you have the right to obtain the rectification of inaccurate personal data without undue delay or the completion of your personal data stored with us;
  • pursuant to Article 17 GDPR, you have the right to obtain the erasure of your personal data stored with us without undue delay, unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or to establish, exercise or defend legal claims;
  • pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your personal data under the conditions set by the applicable laws;
  • pursuant to Article 20 GDPR, you have the right to receive your personal data, in a structured, commonly used and machine-readable format or to obtain the transmission to another data controller (right to data portability);
  • pursuant to Article 77 GDPR, to lodge a complaint with a national supervisory authority. You can contact the supervisory authority of your habitual residence or workplace or our company headquarters. In the latter case, you can file a complaint with the Hellenic Data Protection Authority (gr)

If you wish to exercise any of your rights, you may contact us via e-mail at dpo@kemea-research.gr.

  1. Data retention

Your personal data is retained only for as long as it is necessary to fulfill the purposes described above, and they will be retained until 02 February 2031 (22/02/2031) as a maximum, unless a longer retention period is required by legal obligations or regulations.

  • Data security

Your personal data are processed by electronic means in compliance with the provisions of Article 32 of GDPR 2016/679, national law and in compliance with the principles of data’s confidentiality, integrity, and availability. Your personal data are transferred in an encoded manner using the widely used and secure TLS (Transport Layer Security) encryption standard. You will recognize a secure TLS connection by the additional “s” after “http” (i.e., https://..) in the address bar of your browser or from the lock icon. Moreover, we use suitable technical and organizational measures, which are being continuously enhanced, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.

  1. Amendments to this Data Protection Policy

This data protection policy is effective as of April 2023.

We keep our Data Protection Policy under regular review to make sure it is up to date and precise. Thus, it may become necessary to change it due to the potential addition of new features to the RESILMESH website or due to further legal requirements. You can have access to the latest data protection information on the RESILMESH website here.