I am an experienced Senior Networking and Security expert, actively working in the field since 2001. During my time in the field I worked in various positions, from operational team member, to teamlead to technical projectleader. As Senior Networking and Security expert, I mentor people by providing them technical assistance, helping with various problems and coaching people in performing better and more considered.
I am broadly certified in the Networking and Security Region with various Juniper, Cisco, Checkpoint and CISSP certifications on the list. Next to that I am an experienced systems administrator with a recent RHCSA and RHCE certification, where I managed Solaris, Red Hat, Ubuntu, and FreeBSD systems over the years. I am able to setup machines, administer them, setting up configuration management like puppet or Ansible, writing scripts to make systems perform better or report certain required information.
While I prefer working in the Networking and Security regions, I do enjoy working with Operating Systems as well, making me an allround expert in my area of expertise. I feel that this experience greatly aids in being an expert and makes me stand out in comparison to others who are mainly focussed on one area of expertise.
I am a real teamplayer, able to lead the team, but also able to follow actively supporting positive attitude and technically improving a team.
I am flexible and not bound to a 9 to 5 job. If the job asks for outside ‘regular’ hours, we can always find a way. Either on location or from home, I will deliver my assignment and/or tasks.
Next to my paid experience, I also have a lot of open source contributions on my name. The biggest effort that I took was supporting the FreeBSD project from 2004 till 2019. I had commit bits for doc and src, I was a member of the FreeBSD Security Team, Cluster Administrators team, Postmaster team, Bugmeister team to name a few. On the Postmaster team I was the one that setup the rspamd installation that is still in use.
In my free time I first of all enjoy being with my wife and kids. I can also enjoy being with our beasts. I play around with my personal servers to keep my knowledge up to date and I like to read fantasy books (like Feist or Martin). Where possible I like to socially meet my friends for a drink, or grab some food. I am a big Formula-1 fan, having a racing seat and racing wheel in my home.
|HAVO||Yes||Dutch, English, German, Economics, History, Math A, M&O, Geography||Johannes Calvijn, Rotterdam|
|MBO TI||No||Technical Computer Science||ROC Zadkine, Rotterdam. Stopped because of employment at ING|
Courses through my employers
|2019||Red Hat Certified Engineer (RHCE) with Ansible||Red Hat|
|2019||Red Hat Certified System Administrator (RHCSA)||Red Hat|
|2016||Palo Alto UTD||Palo Alto Networks|
|2014||JunOS Space||Juniper Networks|
|2014||Cisco Certified Networking Professional - Routing & Switching - Routing||Cisco|
|2004||Netscreen cources||Juniper Networks|
|2003||Hacker Techniques, Exploits and Incident Handling (GCIH)||SANS|
|2002||ITIL Foundation||PinkRoccade Educational Services|
|2002||Sun Solaris Administration 1||SUN Educational Services|
|2002||Shell programming for System Administrators||SUN Educational Services|
|2002||Firewalls, Perimeter protection and VPNs||SANS|
|2001||Networking Essentials||Compu Train|
|2001||Windows NT4.0 Admin||Compu Train|
|2001||Webservers & Webtechnology||Tunix|
|2001||Email & DNS||Tunix|
|2014||Linux Magazine [NL]||Free of Open?||http://www.linuxmag.nl
|2008||BSDMag||Installing FreeBSD 7.1 with enhanced security (Jails)||bsdmag.org|
|2019||Red Hat Certified Certified Engineer 8 (Ansible 2.8, Red Hat Enterprise Linux 8) (RHCE)|
|2019||Certified Information Systems Security Professional (CISSP) (Extended)|
|2019||Red Hat Certified System Administrator (RHCSA)|
|2017||CCNP (Cisco Certified Networking Professional) (extended) Routing & Switching|
|2016||JNCIA-Junos (Juniper Networks Certified Associate)|
|2016||Certified Information Systems Security Professional (CISSP) (Extended)|
|2015||CCNP (Cisco Certified Networking Professional) Routing & Switching|
|2013||CCNA (Cisco Certified Networking Associate)|
|2013||Certified Information Systems Security Professional (CISSP) (Extended)|
|2010||Certified Information Systems Security Professional (CISSP)|
|2009||Juniper Networks Certified Internet Specialist (JNCIS-FWV)|
|2008||Berkeley Software Distribution Associate (BSDA)|
|2008||Checkpoint Certified Security Expert+ (CCSE+)|
|2008||Checkpoint Certified Security Administrator (CCSA)|
|2008||Juniper Networks Certified Internet Associate (JNCIA-FWV)|
|2006||GSEC (GIAC / SANS)|
|2009||Dutch FreeBSD Presentation: Welcome, FreeBSD 8!|
|2008||Dutch FreeBSD Presentation: From Projectleader to Developer|
|jun2019 - present||Sue (Formerly Snow B.V. )||Technical Fieldmanager||Responsible for 100+ consultants. My own group of 35 consultants that I coach, help and assist during their assignments. Looking for the best matches from leads and our people. Helping the consultants to write a PoP (personal education plan) and assist them with actually doing that. Assisting trainee\’s during their first experiences in the field.|
|2004-mar2020||JR-Hosting||Co-Founder / Co-Owner||Together with my partner we formed a hosting company, servicing a wide rang of customers. From Photographers to bands and schools and many more. I am the technical lead for our machines, using automation (puppet/ansible), git, gitlab, ci\/cd, openldap, postfix, dovecot for our infrastructure. The services are build on the hosting platform which currently runs FreeBSD. The surrounding services are Ubuntu based machines. Our anti spam measures are using an implementation of rspamd.|
|oct2017-jun2019||Snow B.V.||Linux Administrator / Network Administrator / Firewall Administrator at Gemeente Woerden||Maintenance of the Linux servers, enhancing the puppet environment, implementation of git and gitlab, automatic deployment of puppet changes, creating an OpenVAS scanning appliance, writing our own CMDB puppet module and exporting that to the change and incident management tooling.
Writing various parsers for networking information like the Storage environment with exports to influxdb and Grafana, upgrading the puppet3 environment to puppet6, enhancing several sites to fix faalkaart.nl issues, use advanced nginx forwarding, adding new trend (Grafana) tooling and using a new (influxdb) storage backend for it.
Making use of collectd to gather system metrics, and various other enhancements.
Manage and setup various systems (like Topdesk) with SAML to provide SSO for applications and services. Create a PoC based on Keycloak SSO. Connecting multiple products to Keycloak.
I wrote an bash dialog based script for easier ldap/ad maintenance of ad-application-groups.
I migrated the Zarafa mail environment to Kopano, using the kopano-backup tool and several custom scripts that I wrote for this migration.
I am one of the people working on the Firewalls, I added Rancid auditing tracking of the firewalls, I modified a version so that our firewalls can be automatically tracked. As of dec 2018 I am the main point of contact for the firewalls (Hillstone networks).
I am (dec 2018) the point of contact for network related issues and maintaining the environment. The product(s) used are Alcatel based. I did the migration from the old Alcatel environment to a new alcatel environment in the new town hall. This required building a spanning-tree \‘wall\’ to protect the new environment from the old enviroment.
One of the team members that wrote the Changemanagement guidelines and assisted with the implementation within Topdesk. I did pass the most changes through the system working for the team.
|sept2016 - oct2017||Snow B.V.||Networking / Security / Linux Administrator at Snow B.V||Responsible for various updates/upgrades/troubleshooting on the infrastructure.
Upgrade of the switching environment (Juniper based).
Research and implementation of rspamd as external MX gateways.
|apr2016 - sept2016||Snow B.V.||Network Administrator / Wintershall Noordzee B.V.||Responsible for the Network within Wintershall Noordzee B.V. (Netherlands)
Activities included the Cisco management on various drilling and production riggs, Mikrotik based Wifi AP’s, Linux based proxy and vpn services.
|may2014 - apr2016||Snow B.V.||Senior Network and Security Engineer / Teamlead connectivity at Ziggo||At Ziggo I was involved in the Connectivity team, where I did most large projects by either being the one responsible for implementation and testing, or the one that needs to do the troubleshooting around the project so that every device works the way it should.
I gave training to my colleague’s, I wrote presentations about my experience and I wrote extensive documentation as aftercare for the network management team.
I was also involved in projects where I could share my other knowledge around Unix and Applications (like Opsview) to parties that need help troubleshooting.
I was also improving processes like ITIL – Changemanagement. I felt connected with that so that we properly document what we where going to do, to a certain cost of registration. I tried to find the right balance and created multiple change templates that are in use today in the team to quickly request changes.
With the Juniper SRX devices I made various big firewalls with virtual routers, importing instances, setup vpn’s, imported them in Space and resolve issues that occured because of that.
Troubleshooting and many more things.
In 2015 I took up the job to also lead the team, which means I am the first point of contact for management, planning and the team members.
At the end of 2015 I switched teams and became the lead network engineer for the group I worked for. Designing a new internal firewall strategy after a company merger, and relocating management networks.
I was also able to help and assist with the F5’s and some Unix administration on several large (web)mail platforms based on Open-Xchange
|jan2014 - may2014||Snow B.V.||Senior Network and Security Engineer at Snow B.V.||I was asked to do a firewall migration of the company’s main firewall. Migrating from one platform to another.
I assisted the infrastructure team with designing a new virtualization network, with various and ranging requirements.
I wrote an article for the Linux Magazine and I was able to do large contributions towards the FreeBSD Project.
|nov2010 - dec2013||Snow B.V.||Senior Network Engineer / Technical Projectleader at Ziggo||At Ziggo I am working as a Technical Projectleader, where I am responsible for a group of people within a project. The project has the goal to migrate all legacy networks to a standarised and uniform network. The network is intended to make management possible without affecting the production side of the network. I am responsible for leading my team of people, planning them, making migration decisions (with the designer of the infra), delivering the project to the operations group. We take care of Firewalls, routers, switches and Console servers. The team currently consists of 4 people, where I am directly managed by the Projectmanager.It is also my job to write the technical documentation needed to do the migration, I am part of the main migration team where we give help and support to the other parties that are connected to our management network.Periodically I support the projectmanager with various tasks, including taking over when he is free or otherwise busy. At those moments I am the main responsible for the project and first point of contact for the project.|
|nov2009 - oct2010||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||Member of the network infrastructure team. Handling a multitude of clients, amongst them large government agencies, various public resources etc. Here I took care of a large customer, made improvement changes throughout the infrastructure, upgraded various devices, did massive troubleshooting for some clients.Writing Technical Design’s for a large project which involves the migration of one of the Dutch airline companies to a new location and datacenter. Our manager made me Technical Lead, right next to the Technical Consultant. For this we use various firewall blades (FWSM), ACE and VRF’s which run through multiple devices. Secondary project to help migrate outstations to the new environment, for this I needed to write Technical Design’s.For another client, I am responsible for making sure that multiple regions are able to maintain the client, which involves creating standarized drawings, standarized documentation, connecting the management environments etc. I also do advanced troubleshooting on the firewalls and proxies (Bluecoat) of the client.Helped troubleshooting the environment of an health insurance company, where performance issues had been found. I assisted and supported various troubleshooting periods, worked along with Juniper to get to a resolution of the problem etc.|
|jan2009 - oct2009||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||From KPN a project was initiated to physically move the datacenters. I was hired by Getronics to make that happen for the government group I worked for. I was the main responsible for this project. With a collegue we did an inventory, cleanup, buildup, administrative tasks, executing the migrations, moving hardware, arranging documentations, communicating with the customers etc. We scored 100% on this move.After that project I am now doing various projects to assist with the customer and implement new features as they desire.|
|jun2008 - dec2008||Snow B.V.||Senior Network Engineer, Security Engineer at KPN||At KPN I am doing a large project to migrate the central facilities of a dutch government department. The central facilities included migrating a standalone Juniper firewall to a redundant Fortigate cluster, and migrating a loaded Checkpoint environment to a new Juniper (SSG series) platform. The migrations itself went smoothly given the base that had been used it was a big success! I also helped out the operational team managing all devices by setting up a new monitoring system (NMIS) and using Rancid for various important devices to keep a version track of all configurations. On the social plate I am guiding my collegue’s and training them where needed on area’s that I could help with.|
|feb2008 - jun2008||Snow B.V.||FreeBSD liaison||In February, I started helping Ed Schouten with his study, Ed is a student temporary working at Snow B.V, writing an MultiProcessorSafe (MPSAFE) TTY layer for FreeBSD. I act as a liason between FreeBSD and Ed to make sure he can graduate. We both traveled to Canada to let Ed give a presentation for the FreeBSD development team. Ed finally graduated with a 9!|
|oct2006 - may2008||Snow B.V.||Unix Engineer, Network Engineer, Security Engineer at Financial Institute||At the “Financial Institute” I was a member of the Security / Unix and Networking Team. It was my responsability to maintain various access routers and switches, core routers and switches, as well as key Unix systems and the Firewalls throughout Europe. I was also part of a team that is going to consolidate services and networks from Europe towards one central data Centre (Design phase). I was providing Network architecture, Firewall architecture and where possible Unix server Architecture. From June 2007 till Oct 2007 I trained a new team member with our main area’s of attention: Cisco, Checkpoint and Unix.Starting from late 2007, I was also participating within a consolidation project (Architecture and technical implementation of the design), where I lead the implementations that needs to be done on the networking/unix/checkpoint side. I was responsible for implementing the entire Firewalling infrastructure (multiple clusters, internal security, exteriour security and vpn (remote users, remote site to site) security), both architectural as technical implementation and setup. Together with a Snow Collegue I was also building up the regular network within the new datacenter, implementing a common ground for the routers and switches, implementing tftp services, building up new management hosts with new monitoring tools; all as standarized and flexible as possible. Both my Collegue and I were also very active with communication migrations for the connected countries (we move them from the previous WAN/MPLS provider to the new provider).|
|oct2001 - sept2006||ING Bank N.V.||Operational Firewall Administrator / Security Administrator||System administration multiple Sun machines including: Email: Sendmail, DNS: BIND, Checkpoint Management stations and various other tasksSystem administration multiple GUI Applications: Netscape Proxy/Mail Server, Checkpoint, Provider-1, Nokia Horizon Manager, Netscreen Manager, Siteprotector (ISS), HSESystem administration multiple IPSO (3.7, 3.8) machines:Checkpoint FirewallsSystem administration multiple BSD/I , FreeBSD machines: Tunix FirewallsSystem administration multiple ISS RealSecure machines: IDS Server Sensors (Mostly Windows based) IDS Network Sensors (both External as Internal) (based on Windows, Proventia A-series, and G-series appliances)System administration multiple Cisco devices: SCA’s, Appcelera’s, CSS, HSE, Routers, SwitchesReading and acting on multiple security mailinglists/groupsProcessing Security Events (alerting from the IDS machines)Keeping the security filtering up to date for processing and alerting (Perl based)|
|ING Bank N.V.||Functional Security management||Maintaining contacts with external branches all over the worldParticipating in projects taking place all over the world (physical location: NL). Here I need to deliver the concept, implementation options and guiding the technical implementor.Reviewing and maintaining security policies, reviews and important security documentation.|
|ING Bank N.V.||Temporary teamcoordinator||I replaced the teamcoordinator multiple times when he was not available.|
|2003 - 2019||FreeBSD||– Maintainer and Founder of the Dutch Documentation Project (2003-2019)
– Member of the FreeBSD Documentation Team (2004-2019)
– Member of the FreeBSD Security Team / FreeBSD Security Team Secretary / FreeBSD Security Officer Deputy (2006-2013, 2014-2019),
– Member of the FreeBSD Postmaster Team (2017-2019),
– Member of the FreeBSD Source Committer Team (2007-2019),
– Member of the FreeBSD Bugmeister Team (end-2012),
– Co-founder of the FreeBSD Ports Security Team.
– Release Engineering Liaison from the FreeBSD Security Team (end 2019).
|2004 - 2011||Evilcoder.org||Writing my own Administration Toolkits in Perl, I stopped this project to focus more on my work. Writing check_honeynet, a custom tool to check the mirror status for various honeynet mirrors. Honeynet later migrated to a dynamic website which stopped all mirrors and thus the tooling.|
|2001 - 2005||DSINet.org||Writing Security Articles (Dutch and English)|
|2001 - 2004||Mostly-Harmless.nl||Guiding newcomers, Projectleader Documentation (contents)|
Operating system experiences
|SUN Solaris||mailserver, operational management, scripting, routing, etc.|
|Ubuntu Linux 12.04,14.04,16.04, 18.04||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|Red Hat Linux / CentOS 5,6,7||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|Rasbian / Debian 7,8,9||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|FreeBSD 4.x - 11.x||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, custom package building etc.), administration, security team, developer, documentation team, postmaster|
|PFSense / OPNSense||Installation, upgrading, managing, user experiences, firewalling, VPN, site to site connections etc.|
|OpenBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|NetBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|Mac OS X||Installation and User experience|
|Windows (Server 2008⁄2012)||Installation, Managing, Patching, Troubleshooting and User experience, using office applications (Microsoft based)|
|Network security: Cisco ASA, Cisco FWSM, Juniper SSG, Juniper SRX, Juniper SSLVPN, Fortigate, Hillstone, Nokia IPSO,|
|…. Juniper JunOS Space, Juniper NSM, ISS Realsecure IDS, OpenVAS, IPChains, IPTables, firewalld, ipfw, ipf, pf|
|Single Sign On applications (SimpleSAMLphp, Keycloak)|
|Ticketing systems: BMC, ExpertDesk, Tivoli Servicedesk, OTRS, IRMa, TopDesk, WHMCS|
|Monitoring / graphing tools: Bigbrother, NMIS, Nagios, Opsview, Zabbix, Prometheus, collectd, Grafana, Graphite, MRTG|
|Databases: MySQL, MariaDB, PostgreSQL, InfluxDB|
|Big-Data: ElasticSearch, Greylog, Filebeat, Kibana, Logstash|
|Configuration Management: Puppet, Ansible, Theforeman|
|Loadbalancers: HaProxy, F5 Big-IP|
|Webservers / proxy servers: NGINX, Apache, Bluecoat, Netscape, Iplanet, Squid, Tinyproxy|
|Collaboration tools: Gitlab|
|CI CD tools: Gitlab, Gitlab-runner|
|Routing and Switching: Cisco, Juniper, Alcatel|
|Routing technologies: OSPF, Quagga, EIGRP, RIP|
|VPNs: IPSEC/Isakmpd, OpenVPN, SSLVPN’s|
|Remote Console: Avocent|
|Mailservers: Qmail, Postfix, Exim, Sendmail|
|Mailstorage: Courier-imap, dovecot, zarafa, kopano|
|Webmail: Squirrelmail, Roundcube, Open-Xchange, zarafa/z-push, kopano/z-push|
|Virtualisation: Proxmox, VMWare, Docker Containers|
|Hosting tooling: DirectAdmin, Webmin, Virtualmin, PHP, PHP-FPM|
|System administration and tooling: OpenSSH, Vi, VIM, tar, gzip, bzip, less, sed, grep, etc.|
|DNS: Bind, Unbound, Pihole)|
|Source code management: CVS, SVN, Mercurial, Git, Perforce, gitlab, svnweb, hgweb|
|Network Technologies: IPv6|
And a lot more not mentioned here