Mihkel Kukk

Head of Cyber Security Services

KPMG Baltics OÜ

Mihkel joined KPMG in 2018.

2013 – 2018 Estonian Ministry of Defense, chief cyber security specialist

The main tasks of Mihkel were the accreditation of classified information handling systems; reviewing documentation, reviewing controls, and evaluating the outcome of previous steps to finalize the decision and identify the necessary corrective actions; providing system owners advice on information security, accreditation and system design; Participation in various international working groups dealing with information security and accreditation of multilateral and international systems; auditing different systems, assessing compliance of systems with NATO and EU legislation and requirements.

2010 – 2013 Estonian Air Force, information security officer

The main tasks of Mihkel were to advise system users on information security and manage security incidents; system security documentation development; preparation and implementation of risk assessments and risk management plans; implementation of TEMPEST measures and problem solving.

Professional experience   

  • Mihkel has experience in the following industries: Public sector, IT infrastructure, Railways, Financial.
  • Mihkel has participated in several public sector information system penetration testing projects.
  • Mihkel has carried out E-Voting audits for the 2019 elections.
  • Mihkel has participated in several PCI DSS and OWASP level 2 penetration testing projects.


  • PECB Certified ISO/IEC 27001 Senior Lead Auditor
  • PECB Certified ISO/IEC 27001 Senior Lead Implementer
  • PECB Certified ISO/IEC 27005 Senior Lead Risk Manager
  • PECB Certified ISO/IEC 27032 Senior Lead Cybersecurity Manager
  • PECB Certified ISO/IEC 38500 Senior Lead IT Corporate Governance Manager
  • PECB Certified Lead Pen Test Professional
  • PECB Certified Senior Lead Cloud Security Manager
  • NATO Cyber Security Professional, CISA, CEH v.8, GSEC, GCCC, CISSP.
  • Tallinn Technical University, master’s degree, Telecommunication, 2016