Aikido
Start for Free
No CC required
Story
7 min read

Securing Belgium’s data future: how Athumi brings dev-first security to government & beyond

“Aikido is a dynamic partner that shows up with the right focus exactly when you need it most: amidst high security standards, legislation and geopolitics.”

David Van den Brande
CTO
Table Of Contents
TOC Item
Website
https://athumi.eu/
Founded
2023
Industry
Funding Raised
Headquarters
Brussels, Belgium
Development Team Size

Athumi plays a central role in enabling trusted data exchange in Flanders, one of Belgium's three regions (accounting for roughly 60% of Belgium's population). As a data intermediary, their mission requires the highest levels of data protection, compliance, and developer empowerment. We spoke with Athumi’s CTO, David Van den Brande, to explore how the company scaled its security maturity, and why Aikido became a key partner in that journey.

“Aikido is a dynamic partner that responds at exactly the right moment with the right focus to address the growing need for effective cybersecurity.”

Can you introduce yourself and your role at Athumi?

I’ve been with Athumi since the beginning, when we were still a program inside Digitaal Vlaanderen, an agency of the Flemish government working on the digital transformation of public services. I oversee both technology and infrastructure, guiding architectural decisions to ensure coherence, agility, and strategic fit across the organization.

What drew me in was the scale of the challenge: merging legacy systems with new platforms, balancing decentralized development teams with unified governance to ensure high quality standards and corporate-level compliance. You need to do it all while driving ambitious innovation projects and leveraging technology to establish and cultivate collaboration between public and private partners.

What is Athumi's mission, and how do you support the Belgian government?

Athumi started as a part of the Flemish Resilience Recovery Plan during the COVID period to support economic recovery in Flanders, Belgium. We act as a data intermediary that is trusted by governments and private organizations to make personal and business data flow securely.

GDPR and NIS2 created important protections, but they also made it hard for systems to talk to one another. We saw a gap in the market: how do you unlock data without violating trust? Athumi helps fill that gap, technically, legally, and organizationally.

How important is security in your work?

Security is at the heart of everything we do. We deal with both personal data and confidential business information. Trust is non-negotiable. Our entire ecosystem depends on it.

That’s why we invested early in a dedicated Information Security Management System (ISMS), hired a CISO, and structured our organization to elevate cybersecurity as a board-level responsibility.

What challenges did you face before working with Aikido?

We had multiple challenges:

  • Fragmentation: We had multiple  hosting targets, each with its own CI/CD pipeline and specific deployment rules.
  • Compliance overhead: Centralized audits clashed with team-specific workflows.
  • Developer distance from risk: Devs weren’t always aware of security impacts until late in the cycle.
  • Lack of visibility: Leadership couldn’t confidently say “we ship secure code.”

Security awareness varied greatly. While the board needed clear assurance, developers needed tangible, actionable tools. “Walk your talk” only works if people have the means to follow through.

“I didn’t want to be the outsider-CTO pushing security top-down. Aikido helps developers grow by learning secure coding in context; each vulnerability they fix makes them better at preventing the next.”

What was the trigger to formalize your security approach?

When we unified our previously fragmented hosting landscape across teams, it gave us a clean slate to redesign our CI/CD pipeline. Our advisory board, made up of independent security experts, challenged us: ‘how will you make this new pipeline secure by design?’

That led us to explore solutions that support decentralized teams, without enforcing a one-size-fits-all pipeline. 

How did you discover Aikido?

Aikido came to us through a mix of peer recommendations and advisory board input. We were mapping the ideal secure CI/CD process, evaluating how teams worked. Aikido stood out with its flexibility: it integrated seamlessly with existing team workflows -- whether MOB’ing on main, working with feature branches, or shipping through PRs.

The team could stay in control, while still benefiting from clear, automated security checks.

What stood out during your evaluation?

Three things stood out:

  1. On-the-job developer feedback: Our teams learn by doing, not by attending formal security courses. Aikido fits that mindset.
  2. Non-intrusiveness: It runs as a sidecar. It complements our workflows without blocking them.
  3. Immediate value: Developers get fast insights, helping them fix things in the flow of work.

“The feedback loop is instant. Developers don’t need training courses, they learn by doing, and Aikido supports that.”

How did integration go?

We started simple: IDE plugins, Slack alerts, Jira integration, so teams could start seeing results right away. The low barrier to entry was key. Now, we extended into runtime security and cloud config. You can scale it at your pace, team by team.

“It’s not embedded, it’s a sidecar. You stay in control of your production path, while Aikido makes security visible and actionable.”

How has Aikido changed your way of working?

Security is no longer a blocker or a silo. It’s a habit: part of how our teams ship code. We’re actively establishing:

  • More awareness among developers
  • Faster vulnerability remediation
  • Better audit readiness
  • Central dashboards for transparency

“Aikido helps us walk our talk by turning our security commitment into real action across development and runtime environments.”

Has it helped with compliance?

Absolutely. We’re working toward ISO certification, and Aikido plays a big part in documenting, tracking, and communicating our security posture.

Security is not a checkbox, with Aikido, we improve it structurally and demonstrate maturity effortlessly, anytime.

What would you say to other government tech leaders?

Start with trust. Don’t impose tools, but enable your teams with the right ones. Security is not a back-office function. It’s a product concern, a platform concern, and a business enabler.

Aikido evolves with us. It doesn’t lock us into one way of working. That flexibility is crucial when you're managing decentralized teams and scaling compliance simultaneously.

Why does it matter that Aikido is European?

It matters more than you’d think. Security is strategic. Supporting European innovation aligns with our values around economic resilience, sovereignty, and trust and compliance with the evolving European regulatory framework. Having a European (and, in our case, Belgian) partner who gets our context is a big advantage.

How would you describe Aikido in one sentence?

“Aikido is a dynamic partner that shows up with the right focus exactly when you need it most: amidst high internal security standards, legislation and geopolitics.”

“Aikido is one of the tools that turns abstract security policies into concrete, actionable practice. It lets us lead by example, inside Athumi and across the Belgian and European ecosystem.”
Download Case As pDF

Other great stories told by our customers

View story
Athumi
How Helin made security developer-first across industrial and renewable systems.
View story
Helin
FinTech
View story
Faspay
Other
View story
Midaxo
Software Development
View story
Go Autonomous
HRTech
Aikido turned Vanta from a quarterly scramble into always-on security.
View story
HiringBranch
SecurityTech
Snyk’s output was hard to act on & duct taped to other tools for full coverage.
View story
Apheris
Agencies
Dev-first security, minus the chaos: how TechDivision unlocked speed and clarity.
View story
TechDivision
Other
Retail-ready security with real-time insights & fewer false positives.
View story
Coniq
Other
Executing on a long-term security roadmap
View story
SecWise
Software Development
From a patchwork of open-source tools to a centralized security posture.
View story
Kunlabora
Agencies
From startup speed to enterprise scale, Gravity unites UX and AppSec with Aikido.
View story
Gravity
Other
Easily securing InviteDesk's growth by acquisition.
View story
InviteDesk
Other
From SOC 2 audit preparation to continuous compliance.
View story
OutboundSync
Agencies
Securing 100+ repositories across clients and projects.
View story
CORE
Agencies
Streamlining security across 1.500+ repositories without breaking the bank.
View story
November Five
HRTech
Replaced noisy tools with <1 min fixes and dev-first workflows.
View story
Simployer
FinTech
CertifID's previous solution let them chase too many false positives.
View story
CertifID
PE & Group Companies
Delivering SCA and beyond to 6,000+ developers.
View story
Visma
FinTech
Minimizing false-positives, while keeping GitHub as the single source of truth.
View story
Bound
HealthTech
Birdie's fastest time to resolution? 30 seconds.
View story
Birdie
Software Development
Marvelution weaves security into its one-word business plan: "fun".
View story
Marvelution
HealthTech
Realizing efficiency gains, from one intuitive interface to pentests behind the login wall.
View story
Mediquest