If you don’t understand how hackers could get into your systems, you’re going to have a hard time securing them. Learning how to hack can help you implement the strongest possible security practices. Hacking forensics includes techniques for detecting and reverse engineering malware and advanced persistant threats, like Finfisher ..
Threat modelling is a process by which potential threats can be identified, enumerated, and prioritised – from a hypothetical attacker's point of view. With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker, defenders can focus on what is most important to protect.
Each organisation is dealing with unique IT security threats, so this service can vary greatly, from determining the most effective way to protect computers, networks, software, data and information systems, to facilitating the definition, implementation and maintainance of security policies.
Expert assistance when developing implementation plans and validating, migrating, and integrating new security policies, measures and technologies, including developing curricula for security training, and teaching workshops with engaging roleplay and exercises that bring the message home .. Everything we can creatively think of to make it so!
Research of/for new vulnerabilities through reviews, analysis, and participation in forums and groups.
Training of system (security) effectiveness by using experiential learning methods (simulations, hands-on, causal loop diagrams, hack to learn and other forms of discovery oriented learning).
Commonly used attack vectors and vulnerabilities. And keeping current!
Network protocols: TCP/IP, SDH, SONET, Ethernet; Smartcard: ISO 7816, PC/SC, OCF.
Computer languages: Hex, assembly, Ada, C, C++, a bit of Lisp and Prolog; Scripting.
Mathematics related to IT: Numerical algebra, propositional and predicate logic, state machines, graph and probability theory, and game theory.
The real important stuff: Problem Solving Leadership, Changeshop, System Effectiveness Management, Satir systems - Organisational development, various linguistic awarenesses
Organizing and facilitating group processes in organisations, like retrospectives, scenario planning, simulations, workshops and open space (planning/implementation) meetings.
Appreciative inquiry for social engineering, interviewing and reconnaissance.
Spoken languages: Dutch and English (excellent), German (good) and French (a tidbit).
Change agent for increased (security) system effectiveness.
1994 Engineer Applied mathematics, PTH Rotterdam
1994 Pedagogy/Didactics diplom, PTH Rotterdam
1991 MSc Information Technology, combining computer science and biology, UvA Amsterdam
1985 Bachelor Biophysics, UvA Amsterdam
1980 VWO, Montessori Lyceum Amsterdam