Omschrijving

Cyber security SME with nearly a decade of work experience in the security domain.

Started in IT over 17 years ago and became passionate about pentesting. Throughout the years expanded on the existing expertise in related domains: Information Security Management, Compliance, GRC and IAM but also "Blue" domains like: SOC/SIEM, Vulnerability Management and resting somewhere in the middle: Threat modeling and security awareness.

Currently helps organizations with: general Information Security Management, ISO 27001 compliance, NIS2 compliance, SOC2 compliance, Offensive ("Red") Security services like pentesting and red teaming, Defensive Security services like strategic and operational support of the SOC, and Awareness programs

Talen

Nederlands
Tweetalig / moedertaal
Engels
Tweetalig / moedertaal

Voorkeuren voor werkplek

Kan op locatie werken

The Hague (tot 50km)

NorthNet
Co-founder & Owner
DIGITAAL BUREAU & IT-CONSULTANCY
januari 2021 - Vandaag (5 jaren en 5 maanden)
The Hague, Nederland
At NorthNet, digital security begins with clarity, leadership, and direction. Bearing this in mind, I support organizations where technology and strategy intersect. NorthNet is strong at assisting decision-makers and IT leaders to make their security problems, both technical and non-rechnical, clear to stakeholders throughout all layers of the organization.
IT-projectbeheer NIS2 PenTest ISO 27001 GRC
ASML
Stream Lead Cybersecurity/Project Lead Cybersecurity
oktober 2024 - december 2024 (2 maanden)
I worked at ASML through consultancy on the guidance of project teams and stakeholders. My experience enabled me to support a broad group of colleagues with advice and assistance in implementing appropriate security and meeting internal and external security requirements. For example, I was responsible for coordinating penetration tests, I was part of the IRB assessment committee and I have reshaped their GRC framework and then validated all the requirements. I also was responsible for all stakeholder management. I also did supplier management, I managed security control on the implementation of changes in the project phase and reported the results to management.

Responsibilities:
• Conducted threat landscape analysis specific to semiconductor industry threats
• Developed threat actor profiles targeting critical infrastructure organizations - Created executive threat briefings correlating global threat trends with ASML risk exposure - Integrated threat intelligence feeds into security control validation processes - Collaborated with international semiconductor industry threat sharing initiatives - Assessed APT group capabilities and intentions relevant to ASML's global operations
• Plan, schedule and supervise penetration tests for the project
• Expanded the implementation of the present GRC tool
• Check and validate GRC requirements, and design new requirements where necessary
• Be part of the IRB for the project from a security perspective
• Supervise projects and check whether they meet internal and external security requirements
• Perform security checks during various project phases and record findings
• Advise project teams and stakeholders on required security measures and risks
• Coordinating communication and agreements with suppliers on security requirements
• Check whether the implementation of security measures has been carried out according to agreements
LBVD Consultancy B.V.
Consultant IT Security (Pentester, Head of Phishing)
december 2024 - maart 2025 (3 maanden)
• Execute external pentests (open ports, OSINT, known vulnerabilities in internet facing applications), both manual and automated
• Execute internal pentests (OS and out-of-the-box applications, privilege check, guest network, password policy)
• Responsible for phishing campaigns (intake, create, execute, report)
• Execute `Mystery Guest' assessments (planning, interacting with employees, badge cloning, assessing `clean desk/clear screen' policy compliance, documenting and presenting findings)
• Research & Development