|Date of Birth||16 October 1983|
|Place of Birth||Rotterdam|
I am an experienced Senior Networking and Security expert, actively working in the field since 2001. During my time in the field I worked in various positions, from operational team member, to teamlead to technical projectleader. As Senior Networking and Security expert, I mentor people by providing them technical assistance, helping with various problems and coaching people in performing better and more considered.
I am broadly certified in the Networking and Security Region with various Juniper, Cisco, Checkpoint and CISSP certifications on the list. Next to that I am an experienced systems administrator, where I managed Solaris, redhat, Ubuntu, and FreeBSD systems over the years. I am able to setup machines, administer them, setting up configuration management like puppet, writing scripts to make systems perform better or report certain required information.
While I prefer working in the Networking and Security regions, I do enjoy working with Operating Systems as well, making me an allround expert in my area of expertise. I feel that this experience greatly aids in being an expert and makes me stand out in comparison to others who are mainly focussed on one area of expertise.
I am a real teamplayer, able to lead the team, but also able to follow actively supporting positive attitude and technically improving a team.
I am a flexible person, not hanging to a 9-5 job, but instead working where needed. Where possible I try to work from the office but I am an expert at working from home as well, delivering my assignment and tasks!
Outside of my working experience I am a team member of the FreeBSD project, where I have active commit bits for the doc/ repository as well as being the current FreeBSD Security Team Secretary. In my many years of experience I feel best in the Security Team, where I triage incoming items, write advisories, proofread advisories, and various other tasks that are related to the Secretary. I am also known for leading the effort in translating the handbook to the Dutch language. I still try to keep this up to date as much as time permits. For the FreeBSD project I also wrote an article in BSD Magazine in 2008, scheduled another one but this one was never published. I Also wrote an article about migrating FreeBSD based firewalls to OpenBSD for my employer (Snow B.V) which was published in Linux Magazine in 2014. I helped review several technical books about FreeBSD, working together with Michael Lucas amongst others.
In my free time I first of all enjoy being with kids and my wife. I cuddle around with our cats when they wish to cuddle, or take a walk with our dog. Whenever I am “free”, I also enjoy keeping my knowledge about OS’ up to date, reading various books ranging from fantasy to technical computerbooks, playing my guitar, socializing with friends and family and torching the Big Green Egg.
Economics 1 & 2
Math A1 & A2
|MBO||No (I joined ING before gratuating).||Technical|
Courses through my employers
|2001||Email and DNS||Tunix|
|Webservers and Webtechnology||Tunix|
|Windows NT 4.0 Administring||Compu’Train|
|NLUVG1 (Unix for users 1)||Global Knowledge|
|2002||Firewalls, Perimeter protection and VPN’s||The SANS Institute|
|Cisco Secure IDS||Global Knowledge|
|Shell Programming for|
|Sun Solaris Administration 1||Global Knowledge|
|ITIL Foundations||PinkRoccade |
|2003||Hacker Techniques, Exploits|
and Incident Handling (GCIH)
|The SANS Institute|
|2004||Netscreen course (Specially|
designed for Employer)
|2005||ISS RealSecure IDS||Internet Security Systems|
|2014||JunOS Space||Juniper Networks|
|2016||Palo Alto UTD||Palo Alto Networks|
|2008||BSDMagazine||Installing FreeBSD 7.1 with enhanced security (Jails)||Download|
|2014||Linux Magazine [NL]||Free of Open?||http://www.linuxmag.nl|
|2007||LPI 101 (Linux Professionals Institute)|
|2007||LPI 102 (Linux Professionals Institute)|
|2008||Checkpoint Certified Security Administrator (CCSA)|
|2008||Berkeley Software Distribution Associate (BSDA)|
|2008||Checkpoint Certified Security Expert+ (CCSE+)|
|2008||Juniper Networks Certified Internet Associate (JNCIA-FWV)|
|2009||Juniper Networks Certificate Internet Specialist (JNCIS-FWV)|
|2010||Certified Information Systems Security Professional (CISSP)|
|2012||LPI 201 (Linux Professionals Institute)|
|2012||LPI 202 (Linux Professionals Institute)|
|2013||Certified Information Systems Security Professional (CISSP) (Extended)|
|2013||CCNA (Cisco Certified Networking Associate)|
|2015||CCNP (Cisco Certified Networking Professional)|
|2016||Certified Information Systems Security Professional (CISSP) (Extended)|
|2016||JNCIA-Junos (Juniper Networks Certified Associate)|
|2017||CCNP (Cisco Certified Networking Professional) (extended)|
|2008||Dutch FreeBSD Presentation: From Projectleader to Developer||Link [EN]|
|2009||Dutch FreeBSD Presentation: Welcome, FreeBSD 8!||Link [EN]|
|oct2017-now||Snow B.V||Linux Administrator|
|Maintenance of the Linux servers, enhancing the puppet environment, implementation of git and gitlab, automatic deployment of puppet changes, creating an OpenVAS scanning appliance, writing our own CMDB puppet module and exporting that to the “change and incident management tooling”.|
Writing various parsers for networking information like the Storage environment with exports to influxdb and Grafana, upgrading the puppet3 environment to puppet5, enhancing several sites to fix faalkaart.nl issues, use advanced nginx forwarding, adding new trend (Grafana) tooling and using a new (influxdb) storage backend for it.
Making use of collectd to gather system metrics, and various other enhancements.
Manage and setup various systems (like Topdesk) with SAML to provide SSO for applications and services.
I wrote an bash dialog based script for easier ldap/ad maintenance of ad-application-groups.
I migrated the Zarafa mail environment to Kopano, using the kopano-backup tool and several custom scripts that I wrote for this migration.
I am one of the people working on the Firewalls, I added Rancid auditing tracking of the firewalls, I modified a version so that our firewalls can be automatically tracked. As of dec 2018 I am the main point of contact for the firewalls (Hillstone networks).
I am (dec 2018) the point of contact for network related issues and maintaining the environment. The product(s) used are Alcatel based.
One of the team members that wrote the “Changemanagement guidelines” and assisted with the implementation within Topdesk.
|2004-present||JR-Hosting||Co-Founder & Co-owner at JR-Hosting||Together with a friend of mine we have a Hosting company.|
We host a wide range of customers, from Photographers to bands and many more.
I take the lead in maintaining our machines, we use puppet, git (and gitlab) on various FreeBSD and Linux machines to form our structured environment.
We make extensive use of LDAP and verifications through LDAP (for postfix/dovecot for example).
We have implemented rspamd as our main anti-spam tooling.
Our customers are able to use Webmin/Virtualmin as products so ease their maintenance.
|sept2016-oct2017||Snow B.V.||Networking / Security / Linux Administrator at Snow B.V||Responsible for various updates/upgrades/troubleshooting on the infrastructure.|
Upgrade of the switching environment (Juniper based).
Research and implementation of rspamd as external MX gateways.
|apr2016-sept2016||Snow B.V.||Network Administrator / Wintershall Noordzee B.V.||Responsible for the Network within Wintershall Noordzee B.V. (Netherlands)|
Activities included the Cisco management on various drilling and production riggs, Mikrotik based Wifi AP’s, Linux based proxy and vpn services.
|may2014-apr2016||Snow B.V.||Senior Network and Security Engineer / Teamlead connectivity at Ziggo||At Ziggo I am involved in the Connectivity team, where I do most large projects by either being the one responsible for implementation and testing, or the one that needs to do the troubleshooting around the project so that every device works the way it should.|
I give training to my colleague’s, I write presentations about my experience and I write extensive documentation as aftercare for the network management team.
I am also involved in projects where I can share my other knowledge around Unix and Applications (like Opsview) to parties that need help troubleshooting.
I am also improving processes like ITIL – Changemanagement. I feel connected with that so that we properly document what we are going to do, to a certain cost of registration. I try to find the right balance and created multiple change templates that are in use today in the team to quickly request changes.
With the Juniper SRX devices we made various big firewalls with virtual routers, importing instances, setup_ vpn’s, imported them in Space and resolve issues that occured because of that.
Troubleshooting and many more things.
In 2015 I took up the job to also lead the team, which means I am the first point of contact for management, planning and the team members.
At the end of 2015 I switched teams and became the lead network engineer for the group I worked for. Designing a new internal firewall strategy after a company merger, and relocating management networks.
I was also able to help and assist with the F5’s and some Unix administration on several large (web)mail platforms..
|jan2014-may2014||Snow B.V.||Senior Network and Security Engineer||I was asked to do a firewall migration of the company’s main firewall. Migrating from one platform to another.|
I assisted the infrastructure team with designing a new virtualization network, with various and ranging requirements.
I wrote an article for the Linux Magazine and I was able to do large contributions towards the FreeBSD Project.
|nov2010-dec2013||Snow B.V.||Senior Network Engineer / Technical Projectleader at Ziggo||At Ziggo I am working as a Technical Projectleader, where I am responsible for a group of people within a project. The project has the goal to migrate all legacy networks to a standarised and uniform network. The network is intended to make management possible without affecting the production side of the network. I am responsible for leading my team of people, planning them, making migration decisions (with the designer of the infra), delivering the project to the operations group. We take care of Firewalls, routers, switches and Console servers. The team currently consists of 4 people, where I am directly managed by the Projectmanager.It is also my job to write the technical documentation needed to do the migration, I am part of the main migration team where we give help and support to the other parties that are connected to our management network.Periodically I support the projectmanager with various tasks, including taking over when he is free or otherwise busy. At those moments I am the main responsible for the project and first point of contact for the project.|
|nov2009-oct2010||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||Member of the network infrastructure team. Handling a multitude of clients, amongst them large government agencies, various public resources etc. Here I took care of a large customer, made improvement changes throughout the infrastructure, upgraded various devices, did massive troubleshooting for some clients.Writing Technical Design’s for a large project which involves the migration of one of the Dutch airline companies to a new location and datacenter. Our manager made me Technical Lead, right next to the Technical Consultant. For this we use various firewall blades (FWSM), ACE and VRF’s which run through multiple devices. Secondary project to help migrate outstations to the new environment, for this I needed to write Technical Design’s.For another client, I am responsible for making sure that multiple regions are able to maintain the client, which involves creating standarized drawings, standarized documentation, connecting the management environments etc. I also do advanced troubleshooting on the firewalls and proxies (Bluecoat) of the client.Helped troubleshooting the environment of an health insurance company, where performance issues had been found. I assisted and supported various troubleshooting periods, worked along with Juniper to get to a resolution of the problem etc.|
|jan2009-oct2009||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||From KPN a project was initiated to physically move the datacenters. I was hired by Getronics to make that happen for the government group I worked for. I was the main responsible for this project. With a collegue we did an inventory, cleanup, buildup, administrative tasks, executing the migrations, moving hardware, arranging documentations, communicating with the customers etc. We scored 100% on this move.After that project I am now doing various projects to assist with the customer and implement new features as they desire.|
|jun2008 – dec2008||Snow B.V.||Senior Network Engineer, Security Engineer at KPN||At KPN I am doing a large project to migrate the central facilities of a dutch government department. The central facilities included migrating a standalone Juniper firewall to a redundant Fortigate cluster, and migrating a loaded Checkpoint environment to a new Juniper (SSG series) platform. The migrations itself went smoothly given the base that had been used it was a big success! I also helped out the operational team managing all devices by setting up a new monitoring system (NMIS) and using Rancid for various important devices to keep a version track of all configurations. On the social plate I am guiding my collegue’s and training them where needed on area’s that I could help with.|
|feb2008 – jun2008||Snow B.V.||FreeBSD liason||In February, I started helping Ed Schouten with his study, Ed is a student temporary working at Snow B.V, writing an MultiProcessorSafe (MPSAFE) TTY layer for FreeBSD. I act as a liason between FreeBSD and Ed to make sure he can graduate. We both traveled to Canada to let Ed give a presentation for the FreeBSD development team. Ed finally graduated with a 9!|
|okt2006 – may2008||Snow B.V.||Unix Engineer, Network Engineer, Security Engineer at Financial Institute||At the “Financial Institute” I was a member of the Security / Unix and Networking Team. It was my responsability to maintain various access routers and switches, core routers and switches, as well as key Unix systems and the Firewalls throughout Europe. I was also part of a team that is going to consolidate services and networks from Europe towards one central data Centre (Design phase). I was providing Network architecture, Firewall architecture and where possible Unix server Architecture. From June 2007 till Oct 2007 I trained a new team member with our main area’s of attention: Cisco, Checkpoint and Unix.Starting from late 2007, I was also participating within a consolidation project (Architecture and technical implementation of the design), where I lead the implementations that needs to be done on the networking/unix/checkpoint side. I was responsible for implementing the entire Firewalling infrastructure (multiple clusters, internal security, exteriour security and vpn (remote users, remote site to site) security), both architectural as technical implementation and setup. Together with a Snow Collegue I was also building up the regular network within the new datacenter, implementing a common ground for the routers and switches, implementing tftp services, building up new management hosts with new monitoring tools; all as standarized and flexible as possible. Both my Collegue and I were also very active with communication migrations for the connected countries (we move them from the previous WAN/MPLS provider to the new provider).|
|2001-sept 2006||ING Bank||Operational Firewall Administrator / Security Administrator||System administration multiple Sun machines including: Email: Sendmail, DNS: BIND, Checkpoint Management stations and various other tasksSystem administration multiple GUI Applications: Netscape Proxy/Mail Server, Checkpoint, Provider-1, Nokia Horizon Manager, Netscreen Manager, Siteprotector (ISS), HSESystem administration multiple IPSO (3.7, 3.8) machines:Checkpoint FirewallsSystem administration multiple BSD/I , FreeBSD machines: Tunix FirewallsSystem administration multiple ISS RealSecure machines: IDS Server Sensors (Mostly Windows based) IDS Network Sensors (both External as Internal) (based on Windows, Proventia A-series, and G-series appliances)System administration multiple Cisco devices: SCA’s, Appcelera’s, CSS, HSE, Routers, SwitchesReading and acting on multiple security mailinglists/groupsProcessing Security Events (alerting from the IDS machines)Keeping the security filtering up to date for processing and alerting (Perl based)|
|Functional Security management||Maintaining contacts with external branches all over the worldParticipating in projects taking place all over the world (physical location: NL). Here I need to deliver the concept, implementation options and guiding the technical implementor.Reviewing and maintaining security policies, reviews and important security documentation.|
|Temporary teamcoordinator||I replaced the teamcoordinator multiple times when he was not available for work|
|2003-present||FreeBSD||Maintainer of the Dutch Documentation Project (2003-current)|
Member of the FreeBSD Documentation Team (2004-current)
Member of the FreeBSD Security Team / FreeBSD Security Team Secretary / FreeBSD Security Officer Deputy (2006-2013, 2014-current),
Member of the FreeBSD Postmaster Team (2017-current),
Member of the FreeBSD Source Committer Team (2007-current),
Former member of the FreeBSD Bugmeister Team (till jun 2012),
Former member of the FreeBSD Ports Security Team (one of the founders of the group),
Starting from Dec 19, 2014 I am acting Liason between the FreeBSD Security Team and the FreeBSD Release Engineering group.
In December 2018 I was promoted to Officer Deputy and the role of Secretary had been dropped.
|2004-2011||Evilcoder.org||Writing my own Administration Toolkits in Perl, I stopped this project to focus more on my work. Writing check_honeynet, a custom tool to check the mirror status for various honeynet mirrors. Honeynet later migrated to a dynamic website which stopped all mirrors and thus the tooling.|
|2001-2005||DSINet.org||Writing Security Articles (Dutch and English)|
|2001-2004||Mostly-Harmless.nl||Guiding newcomers, Projectleader Documentation (contents)|
Operating system experiences
|SUN Solaris||mailserver, operational management, scripting, routing, etc.|
|Linux (Redhat, Ubuntu (12.04,14.04,16.04, 18.04), Rasbian, Debian, CentOS(6,7), Suse (SLES12)||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration/td>|
|FreeBSD, (4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, 11,x, current)||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, custom package building etc.), administration, security team, developer, documentation team, postmaster|
|PFSense / OPNsense||Installation, upgrading, managing, user experiences, firewalling, VPN, site to site connections etc.|
|OpenBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|NetBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|Mac OS X||Installation and User experience|
|Windows||Installation and User experience, using office applications (Microsoft based)|
|Windows 2003 (Adv. Server),|
Windows 2008 Server
Windows 2012 Server
|Administration, patching, troubleshooting|
|OpenVAS, vulnerability scanning software setup, documentation and maintenance|
|Hillstone Networks firewall (various product ranges, E1600, E2500, E3550)|
|Single Sign On applications (SimpleSAMLphp, Keycloak)|
|Puppet3,4,5,6 agent, puppet master, puppetserver, manifests, modules, configuration management, facter, hiera, theforeman, puppetdb|
|NGINX (Unix) (incl reverse proxy)|
|Grafana / influxdb / graphite / collectd|
|Elasticsearch / Graylog / filebeat / Kibana / Logstash (ELG/ELK stack)|
|Apache (Unix & Windows) (incl reverse proxy)|
|Netscape Proxy on Solaris|
|Netscape Mailserver on Solaris|
|Iplanet Webserver on Solaris|
|Juniper ScreenOS (SSG)|
|Juniper JunOS Security (SRX)|
|Juniper JunOS Space|
|Avocent / Avocent DSView|
|F5-Big IP Loadbalancer|
|ISS Realsecure (incl. Siteprotector Management station)|
|Gitlab collaboration tooling, administration, setup, hooks, deployment|
|Puppet, setup, enhancement, deployment, administration|
|Ticket management systems (BMC, Expertdesk, Tivoli servicedesk, OTRS, IRMa, topdesk)|
|Billing software (WHMCS)|
|Monitoring tools (Bigbrother, NMIS, Nagios, Opsview core and pro, zabbix)|
|OSPF (Quagga, OpenOSPF, Cisco, Juniper)|
|Various Cisco software applications (IOS, CSS, SCA, AppCelera, CatOS, FWSM, ACS, ASA, ACE, management LMS)|
|Alcatel switching (6500,6900)|
|VPN: IPSEC/isakmpd and OpenVPN (ssl based)|
|Mailservers (Qmail, Postfix, Exim, Sendmail)|
|Mailstorage (Courier-imap, dovecot, zarafa)|
|Webmail (Squirrelmail, Roundcube, Open-Xchange, zarafa/z-push)|
|Hosting management tooling (DirectAdmin, Webmin, Virtualmin)|
|Databases (MySQL, PostgreSQL, SQLite)|
|DNS Servers (Bind, Unbound)|
|tar/gzip/bzip and other standard tool (less, sed, more, grep, etcetera)|
|Source code management (CVS, SVN, Mercurial, Git, Perforce)|
|Source code management software (hgweb, svnweb, gitlab)|
|Linux firewalling (ipchains, iptables)|
|BSD firewalling (ipfw, ipf, pf)|
|Proxies (Squid, Tinyproxy)|
|IPv6 (Cisco, BSD, Linux)|
And a lot more not mentioned here