Together we'll look at how your systems are connected, how systems and networks are administered and determine the most likely attack paths.Learn more
Nobody knows everything. Neither do I. But together we definitely know more.Learn more
Need a security minded view on your newly designed architecture?Learn more
I love sharing knowledge, from short presentations to multiple days of training. I prefer having hands-on exercises.Learn more
My background in penetration testing and red teaming created an offensive mindset, always thinking about possible ways to gain access to networks, systems, applications and specific data. While I still consider penetration testing and red teaming very effective given the proper setting, I now prefer a more pragmatic approach to obtaining insights in an organization's security posture. Instead of trying out all sorts of attacks, we can just discuss the relevant measures your organization should have taken or should take.
I would like to emphasize the importance of IT teams for security. They are at least as important as security teams, as IT teams are the people actually improving security. IT teams are often very knowledgeable on their respective areas. Security experts need IT teams to explain how things actually work and sometimes also why certain recommendations won’t work. Security teams need to cooperate closely with IT teams. They need to align with IT teams: changes in the network, new systems, system management procedures, etc.
In my opinion everybody benefits when both sides are open about their knowledge gaps. I certainly don’t know it all and often request more explanation or need to do additional research before giving proper advice.
Security experts often need to improve their understanding of IT teams and IT experts can improve their overall skills with more Security Minded thinking. We can amplify each other’s knowledge. So, let's put our minds together.
I have 16 years of IT security experience in several areas of expertise. Definitely not considering myself an expert in all these fields, but my combined security experience was formed during both red and blue team assignments. On the offensive side I performed all sorts of penetration tests and red teaming assignments. On the defensive side I performed security reviews, was part of daily security operations and did some incident response. I also delivered and created security training for a varying public.