DORA & Threat-Led Penetration Testing with Marko
Banks are now required to do red teaming exercises. Marko Buuri (Bank of Finland) showed us how TIBER-FI helps to create threat-intel-based red teaming exercises.
Marko's visit was part of my Penetration Testing course. You can join my list to get invitations to similar events.
Synopsis

Cybersecurity red team testing has evolved from underground art to regulated operations in the European financial sector. This lecture explores the requirement for advanced threat-led penetration testing in the EU's DORA regulation, and gives practical guidance on how those projects are organized and delivered according to the TIBER-EU guidance across Europe.
Slides
Buuri 2026: DORA and TLPT testing - Lecture for Haaga-Helia on 31 March 2026 (pdf, 2 MB)
Links
DORA (Regulation ... on digital operational resilience for the financial sector)
- Article 26 defines threat-led penetration testing. "Advanced testing of ICT tools, systems and processes based on TLPT"
- Article 27 defines the requirements for the testers. "Requirements for testers for the carrying out of TLPT"
Bank of Finland (Suomen Pankki): TIBER-FI and TIBER-EU guidance
- TIBER-FI procedures and guidelines (pdf, 1 MB)
Buuri 2026: D26 - Releasing Your Inner TIBER in Regulated Adversary Simulations. Video, 45 min. Disobey 2026.
Slides taster
You can download the whole deck.



Bio
Marko Buuri is a cyber security adviser at the Bank of Finland (Suomen Pankki). He has over 20 years of in-house and consulting cyber experience. Since 2020 he's been involved in implementing and operating the TIBER-FI red team testing framework for the financial sector in Finland.