Goodbye downtime, blind spots & black boxes: inside Arcadis' journey
About Arcadis
Arcadis is 36,000 architects, data analysts, designers, engineers, and other experts across the globe who collaborate on today's most pressing challenges, from the impact of climate change to energy affordability and livability for businesses, cities and industries. From strategy and planning through to implementation and delivery, Arcadis combines human and digital intelligence to create a blueprint for a better, more sustainable future.
Operational continuity isn't negotiable for any organization, and Arcadis is no different. The company has a clear commitment to enabling its business by dealing with the challenges of ever-increasing cyber threats, increasing client requirements, growing regulatory landscape and evolving technology.
Jordy Damen is Global Security Operations Director at Arcadis. His team's mission: ensure the business runs seamlessly, always.
24/7 coverage is fast becoming the new non-negotiable
Like too many organizations, Arcadis lacked around-the-clock visibility into its environment and potential threats. Incidents had the potential to go unnoticed over weekends or outside working hours—a window of opportunity that cybercriminals are quick to exploit.
With Managed Threat Complete, that gap has closed. "We now have 24/7 monitoring and security event triaging by the Rapid7 SOC team," said Damen. "They act as the first line of defense, performing initial investigations and escalating critical incidents to our in-house SOC."
The difference has been transformative. "Knowing that someone is watching even when we’re not—it’s a huge relief," he added.
Building trust: collaboration and no black boxes
It's fair to say that a real, transparent partnership ought to be a new normal, as well.
Arcadis began its 24/7 MDR journey with another vendor. But joint SOC operations are not easy and the company eventually opened a new search: "When we evaluated partners, the service side of things was critical," said Damen. "It wasn’t just about the platform—it was about who could integrate, collaborate, and truly work as an extension of our team.”
The early days of the Rapid7 partnership had some hiccups (routine in any new relationship). What mattered to Arcadis’ security leadership was how Rapid7 responded – which built trust.
The in-house SOC works closely with a dedicated Cybersecurity Advisor, meeting monthly to review platform health, investigate tickets, share threat intelligence updates, address any issues, and ensure Arcadis is leveraging the platform to its fullest potential.
Rapid7’s platform offers unique transparency. "Some tools feel like a black box," Damen explained. "With Rapid7, we have clear insight into how incidents are handled and how our defenses are performing. That’s critical for building trust."
Managed Threat Complete service hasn’t just improved detection and response; it’s also allowed Damen’s team to shift their focus. By handling the first line of defense, Rapid7 frees up Arcadis’ in-house analysts to tackle strategic tasks like vulnerability management and security engineering.
"It’s not just about reacting to threats," Damen noted. "This partnership lets us focus on improving our security maturity across the board."
The team's advice for others considering 24/7 solution?
It's hard to test service quality until you’re an actual customer, but when the software and service is delivered by the same company – a rare, single point of contact – you win. “The platform is important, but it’s the service—how issues are handled, how transparent and collaborative the provider is—that makes the difference. That’s why we chose Rapid7."
"Cybersecurity is a constant cat-and-mouse game," he said. "Rapid7 is a key part of our strategy to stay ahead, evolving our processes and tooling to meet new challenges."
The company’s global CISO, Sandra Konings says “we are on a journey together.”
Gain a complete, end-to-end SOC without the overhead
