Welcome to the home of my reflections on many subjects, mostly related to IT risks in a hyper-connected world. Who I am? That question is not easily answered, because it depends on the world view from which you ask this question. What attributes and qualifiers do you imply with 'who'?

Most people that are relevant in my life know me as Rick Veenstra. I mostly identify myself with my roles as husband and father, which suggests something about who the most important people in my life are. Beside these I have many other roles: son, brother, friend, fellow, customer, citizen, data subject and even employee.

For you who read this site because of its main subject, it might be relevant to know that I am an incurably eager learner, who likes to toy with ideas and to test concepts against mental models of the world (mostly my own). The questions "why?" and "why not?" are the main tools I use explore my world. Which can at times be very annoying, as any parent of a 2-year old will admit. You've got to love the toddler in yourself.

In the physical world my life is anchored in The Netherlands; in the virtual world of the Interwebs I drift around the oceans of true and pseudo-knowledge that is expressed in the many variants of English. I can mostly be found around the archipelagos of IT-related topics, but sometimes like to venture out to the seas of history as well. I am very interested in the way people form mental models to keep hold of a world that is way too complex to really understand. How people manage to make sense of an overload of information and raw data while coping with the uncertainties of life and (business) endeavours. The realm of Information Technology is soaked with hard to understand concepts and provides plenty of opportunities to get lost.

Once upon a time I was educated as a mechanical engineer, but my interests have expanded to design in visual and technical dimensions. For many years I thought of myself as an IT engineer, but somehow managed to outgrow my self-imposed limitations. After some years as in IT process manager I have ventured into the world of Information Security Management and now broadening my perspective to a more holistic view of IT Risk Management.

The opinions on this site are strictly my own and can in no way be considered as a position of my employers, whether past, present or future.


I do not create 'works'. I have a paid day-time job but that leaves me little space for creating 'works' that are relevant outside the context of my employers. According to my inner voice my life is empty and meaningless.



In the Internet of Things, the consumer is not a customer but a supplier

In the soon-to-be world in which everything is connected to everything, we will face quite some (unforeseen) challenges. One of those challenges is related to the protection of privacy and security of the system as a whole. The other one is the role of the consumer. To quickly sum it up in a single statement: In the Internet of Things, the consumer is not (only) a customer but (also) a supplier. In this blog post we focus on why we make this statement and why we think this new paradigm holds true. We talk about the fundamental shift in the way we think, or should think, about data and privacy.


Lessons from Benjamin Zander’s talk on TED 2008

Benjamin Zander is a world-famous classical orchestra conductor. During his talk at TED2008 on ‘classical music and passion’ he refers to a moment of ‘enlightenment’ as I would call it.

I was 45 years old, I’d been conducting for 20 years, and I suddenly had a realization. The conductor …


PSD2 vs GDPR: will we keep our privacy or not? Two major EU regulations on collision course

In an article that recently appeared on LinkedIn Pulse, one Krzysztof Trojan wrote about the conflics between two major European legislations that have quite some impact on the finance world.

The Revised Payment Services Directive (PSD2) will require financial institutions (especially banks) to open access to the personal information related …