I am an experienced Senior Networking and Security expert, actively working in the field since 2001. During my time in the field I worked in various positions, from operational team member, to teamlead to technical projectleader. As Senior Networking and Security expert, I mentor people by providing them technical assistance, helping with various problems and coaching people in performing better and more considered.
I am broadly certified in the Networking and Security Region with various Juniper, Cisco, Checkpoint and CISSP certifications on the list. Next to that I am an experienced systems administrator with a recent RHCSA certification, where I managed Solaris, Red Hat, Ubuntu, and FreeBSD systems over the years. I am able to setup machines, administer them, setting up configuration management like puppet or Ansible, writing scripts to make systems perform better or report certain required information.
While I prefer working in the Networking and Security regions, I do enjoy working with Operating Systems as well, making me an allround expert in my area of expertise. I feel that this experience greatly aids in being an expert and makes me stand out in comparison to others who are mainly focussed on one area of expertise.
I am a real teamplayer, able to lead the team, but also able to follow actively supporting positive attitude and technically improving a team.
I am flexible and not bound to a 9 to 5 job. If the job asks for outside ‘regular’ hours, we can always find a way. Either on location or from home, I will deliver my assignment and/or tasks.
Next to my professional working experiences, I also do a lot of open source contributions in my spare time. The biggest contributions are for the FreeBSD Project where I have an active commit bit for the doc/ team. I am also a member of the Cluster Administration (systems engineering) and postmaster teams for FreeBSD, where at the latter position I setup the currently used rspamd installation.
In the past I did several more things for FreeBSD, I was one of the founding Security Team members that started the FreeBSD Ports Security Team, and I was a member of the FreeBSD Security Team for many years, ending as FreeBSD Security Officer Deputy.
In my free time I first of all enjoy being with my wife and kids. I can also enjoy being with our beasts. I play around with my personal servers to keep my knowledge up to date and I like to read fantasy books (like Feist or Martin). Where possible I like to socially meet my friends for a drink, or grab some food. I am a big Formula-1 fan, having a racing seat and racing wheel in my home.
|HAVO||Yes||Dutch, English, German, Economics, History, Math A, M&O, Geography||Johannes Calvijn, Rotterdam|
|MBO TI||No||Technical Computer Science||ROC Zadkine, Rotterdam. Stopped because of employment at ING|
Courses through my employers
|2001||Email & DNS||Tunix|
|2001||Webservers & Webtechnology||Tunix|
|2001||Windows NT4.0 Admin||Compu Train|
|2001||Networking Essentials||Compu Train|
|2002||Firewalls, Perimeter protection and VPNs||SANS|
|2002||Shell programming for System Administrators||SUN Educational Services|
|2002||Sun Solaris Administration 1||SUN Educational Services|
|2002||ITIL Foundation||PinkRoccade Educational Services|
|2003||Hacker Techniques, Exploits and Incident Handling (GCIH)||SANS|
|2004||Netscreen cources||Juniper Networks|
|2014||Cisco Certified Networking Professional - Routing & Switching - Routing||Cisco|
|2014||JunOS Space||Juniper Networks|
|2016||Palo Alto UTD||Palo Alto Networks|
|2019||Red Hat Certified System Administrator (RHCSA)||Red Hat|
|2008||BSDMag||Installing FreeBSD 7.1 with enhanced security (Jails)||bsdmag.org|
|2014||Linux Magazine [NL]||Free of Open?||http://www.linuxmag.nl
|2006||GSEC (GIAC / SANS)|
|2008||Checkpoint Certified Security Administrator (CCSA)|
|2008||Berkeley Software Distribution Associate (BSDA)|
|2008||Checkpoint Certified Security Expert+ (CCSE+)|
|2008||Juniper Networks Certified Internet Associate (JNCIA-FWV)|
|2009||Juniper Networks Certificate Internet Specialist (JNCIS-FWV)|
|2010||Certified Information Systems Security Professional (CISSP)|
|2013||Certified Information Systems Security Professional (CISSP) (Extended)|
|2013||CCNA (Cisco Certified Networking Associate)|
|2015||CCNP (Cisco Certified Networking Professional)|
|2016||Certified Information Systems Security Professional (CISSP) (Extended)|
|2016||JNCIA-Junos (Juniper Networks Certified Associate)|
|2017||CCNP (Cisco Certified Networking Professional) (extended)|
|2019||Red Hat Certified System Administrator (RHCSA)|
|2019||Certified Information Systems Security Professional (CISSP) (Extended)|
|2008||Dutch FreeBSD Presentation: From Projectleader to Developer|
|2009||Dutch FreeBSD Presentation: Welcome, FreeBSD 8!|
|jun2019 - present||Sue (Formerly Snow B.V. )||Technical Fieldmanager||Responsible for 100+ consultants. My own group of 35 consultants that I coach, help and assist during their assignments. Looking for the best matches from leads and our people. Helping the consultants to write a PoP (personal education plan) and assist them with actually doing that. Assisting trainee\’s during their first experiences in the field.|
|2004-mar2020||JR-Hosting||Co-Founder / Co-Owner||Together with my partner we formed a hosting company, servicing a wide rang of customers. From Photographers to bands and schools and many more. I am the technical lead for our machines, using automation (puppet/ansible), git, gitlab, ci\/cd, openldap, postfix, dovecot for our infrastructure. The services are build on the hosting platform which currently runs FreeBSD. The surrounding services are Ubuntu based machines. Our anti spam measures are using an implementation of rspamd.|
|oct2017-jun2019||Snow B.V.||Linux Administrator / Network Administrator / Firewall Administrator at Gemeente Woerden||Maintenance of the Linux servers, enhancing the puppet environment, implementation of git and gitlab, automatic deployment of puppet changes, creating an OpenVAS scanning appliance, writing our own CMDB puppet module and exporting that to the change and incident management tooling.
Writing various parsers for networking information like the Storage environment with exports to influxdb and Grafana, upgrading the puppet3 environment to puppet6, enhancing several sites to fix faalkaart.nl issues, use advanced nginx forwarding, adding new trend (Grafana) tooling and using a new (influxdb) storage backend for it.
Making use of collectd to gather system metrics, and various other enhancements.
Manage and setup various systems (like Topdesk) with SAML to provide SSO for applications and services. Create a PoC based on Keycloak SSO. Connecting multiple products to Keycloak.
I wrote an bash dialog based script for easier ldap/ad maintenance of ad-application-groups.
I migrated the Zarafa mail environment to Kopano, using the kopano-backup tool and several custom scripts that I wrote for this migration.
I am one of the people working on the Firewalls, I added Rancid auditing tracking of the firewalls, I modified a version so that our firewalls can be automatically tracked. As of dec 2018 I am the main point of contact for the firewalls (Hillstone networks).
I am (dec 2018) the point of contact for network related issues and maintaining the environment. The product(s) used are Alcatel based. I did the migration from the old Alcatel environment to a new alcatel environment in the new town hall. This required building a spanning-tree \‘wall\’ to protect the new environment from the old enviroment.
One of the team members that wrote the Changemanagement guidelines and assisted with the implementation within Topdesk. I did pass the most changes through the system working for the team.
|sept2016 - oct2017||Snow B.V.||Networking / Security / Linux Administrator at Snow B.V||Responsible for various updates/upgrades/troubleshooting on the infrastructure.
Upgrade of the switching environment (Juniper based).
Research and implementation of rspamd as external MX gateways.
|apr2016 - sept2016||Snow B.V.||Network Administrator / Wintershall Noordzee B.V.||Responsible for the Network within Wintershall Noordzee B.V. (Netherlands)
Activities included the Cisco management on various drilling and production riggs, Mikrotik based Wifi AP’s, Linux based proxy and vpn services.
|may2014 - apr2016||Snow B.V.||Senior Network and Security Engineer / Teamlead connectivity at Ziggo||At Ziggo I was involved in the Connectivity team, where I did most large projects by either being the one responsible for implementation and testing, or the one that needs to do the troubleshooting around the project so that every device works the way it should.
I gave training to my colleague’s, I wrote presentations about my experience and I wrote extensive documentation as aftercare for the network management team.
I was also involved in projects where I could share my other knowledge around Unix and Applications (like Opsview) to parties that need help troubleshooting.
I was also improving processes like ITIL – Changemanagement. I felt connected with that so that we properly document what we where going to do, to a certain cost of registration. I tried to find the right balance and created multiple change templates that are in use today in the team to quickly request changes.
With the Juniper SRX devices I made various big firewalls with virtual routers, importing instances, setup vpn’s, imported them in Space and resolve issues that occured because of that.
Troubleshooting and many more things.
In 2015 I took up the job to also lead the team, which means I am the first point of contact for management, planning and the team members.
At the end of 2015 I switched teams and became the lead network engineer for the group I worked for. Designing a new internal firewall strategy after a company merger, and relocating management networks.
I was also able to help and assist with the F5’s and some Unix administration on several large (web)mail platforms based on Open-Xchange
|jan2014 - may2014||Snow B.V.||Senior Network and Security Engineer at Snow B.V.||I was asked to do a firewall migration of the company’s main firewall. Migrating from one platform to another.
I assisted the infrastructure team with designing a new virtualization network, with various and ranging requirements.
I wrote an article for the Linux Magazine and I was able to do large contributions towards the FreeBSD Project.
|nov2010 - dec2013||Snow B.V.||Senior Network Engineer / Technical Projectleader at Ziggo||At Ziggo I am working as a Technical Projectleader, where I am responsible for a group of people within a project. The project has the goal to migrate all legacy networks to a standarised and uniform network. The network is intended to make management possible without affecting the production side of the network. I am responsible for leading my team of people, planning them, making migration decisions (with the designer of the infra), delivering the project to the operations group. We take care of Firewalls, routers, switches and Console servers. The team currently consists of 4 people, where I am directly managed by the Projectmanager.It is also my job to write the technical documentation needed to do the migration, I am part of the main migration team where we give help and support to the other parties that are connected to our management network.Periodically I support the projectmanager with various tasks, including taking over when he is free or otherwise busy. At those moments I am the main responsible for the project and first point of contact for the project.|
|nov2009 - oct2010||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||Member of the network infrastructure team. Handling a multitude of clients, amongst them large government agencies, various public resources etc. Here I took care of a large customer, made improvement changes throughout the infrastructure, upgraded various devices, did massive troubleshooting for some clients.Writing Technical Design’s for a large project which involves the migration of one of the Dutch airline companies to a new location and datacenter. Our manager made me Technical Lead, right next to the Technical Consultant. For this we use various firewall blades (FWSM), ACE and VRF’s which run through multiple devices. Secondary project to help migrate outstations to the new environment, for this I needed to write Technical Design’s.For another client, I am responsible for making sure that multiple regions are able to maintain the client, which involves creating standarized drawings, standarized documentation, connecting the management environments etc. I also do advanced troubleshooting on the firewalls and proxies (Bluecoat) of the client.Helped troubleshooting the environment of an health insurance company, where performance issues had been found. I assisted and supported various troubleshooting periods, worked along with Juniper to get to a resolution of the problem etc.|
|jan2009 - oct2009||Snow B.V.||Senior Network Engineer, Security Engineer at Getronics Datacenters||From KPN a project was initiated to physically move the datacenters. I was hired by Getronics to make that happen for the government group I worked for. I was the main responsible for this project. With a collegue we did an inventory, cleanup, buildup, administrative tasks, executing the migrations, moving hardware, arranging documentations, communicating with the customers etc. We scored 100% on this move.After that project I am now doing various projects to assist with the customer and implement new features as they desire.|
|jun2008 - dec2008||Snow B.V.||Senior Network Engineer, Security Engineer at KPN||At KPN I am doing a large project to migrate the central facilities of a dutch government department. The central facilities included migrating a standalone Juniper firewall to a redundant Fortigate cluster, and migrating a loaded Checkpoint environment to a new Juniper (SSG series) platform. The migrations itself went smoothly given the base that had been used it was a big success! I also helped out the operational team managing all devices by setting up a new monitoring system (NMIS) and using Rancid for various important devices to keep a version track of all configurations. On the social plate I am guiding my collegue’s and training them where needed on area’s that I could help with.|
|feb2008 - jun2008||Snow B.V.||FreeBSD liaison||In February, I started helping Ed Schouten with his study, Ed is a student temporary working at Snow B.V, writing an MultiProcessorSafe (MPSAFE) TTY layer for FreeBSD. I act as a liason between FreeBSD and Ed to make sure he can graduate. We both traveled to Canada to let Ed give a presentation for the FreeBSD development team. Ed finally graduated with a 9!|
|oct2006 - may2008||Snow B.V.||Unix Engineer, Network Engineer, Security Engineer at Financial Institute||At the “Financial Institute” I was a member of the Security / Unix and Networking Team. It was my responsability to maintain various access routers and switches, core routers and switches, as well as key Unix systems and the Firewalls throughout Europe. I was also part of a team that is going to consolidate services and networks from Europe towards one central data Centre (Design phase). I was providing Network architecture, Firewall architecture and where possible Unix server Architecture. From June 2007 till Oct 2007 I trained a new team member with our main area’s of attention: Cisco, Checkpoint and Unix.Starting from late 2007, I was also participating within a consolidation project (Architecture and technical implementation of the design), where I lead the implementations that needs to be done on the networking/unix/checkpoint side. I was responsible for implementing the entire Firewalling infrastructure (multiple clusters, internal security, exteriour security and vpn (remote users, remote site to site) security), both architectural as technical implementation and setup. Together with a Snow Collegue I was also building up the regular network within the new datacenter, implementing a common ground for the routers and switches, implementing tftp services, building up new management hosts with new monitoring tools; all as standarized and flexible as possible. Both my Collegue and I were also very active with communication migrations for the connected countries (we move them from the previous WAN/MPLS provider to the new provider).|
|oct2001 - sept2006||ING Bank N.V.||Operational Firewall Administrator / Security Administrator||System administration multiple Sun machines including: Email: Sendmail, DNS: BIND, Checkpoint Management stations and various other tasksSystem administration multiple GUI Applications: Netscape Proxy/Mail Server, Checkpoint, Provider-1, Nokia Horizon Manager, Netscreen Manager, Siteprotector (ISS), HSESystem administration multiple IPSO (3.7, 3.8) machines:Checkpoint FirewallsSystem administration multiple BSD/I , FreeBSD machines: Tunix FirewallsSystem administration multiple ISS RealSecure machines: IDS Server Sensors (Mostly Windows based) IDS Network Sensors (both External as Internal) (based on Windows, Proventia A-series, and G-series appliances)System administration multiple Cisco devices: SCA’s, Appcelera’s, CSS, HSE, Routers, SwitchesReading and acting on multiple security mailinglists/groupsProcessing Security Events (alerting from the IDS machines)Keeping the security filtering up to date for processing and alerting (Perl based)|
|ING Bank N.V.||Functional Security management||Maintaining contacts with external branches all over the worldParticipating in projects taking place all over the world (physical location: NL). Here I need to deliver the concept, implementation options and guiding the technical implementor.Reviewing and maintaining security policies, reviews and important security documentation.|
|ING Bank N.V.||Temporary teamcoordinator||I replaced the teamcoordinator multiple times when he was not available.|
|2003 - 2019||FreeBSD||– Maintainer and Founder of the Dutch Documentation Project (2003-2019)
– Member of the FreeBSD Documentation Team (2004-2019)
– Member of the FreeBSD Security Team / FreeBSD Security Team Secretary / FreeBSD Security Officer Deputy (2006-2013, 2014-2019),
– Member of the FreeBSD Postmaster Team (2017-2019),
– Member of the FreeBSD Source Committer Team (2007-2019),
– Member of the FreeBSD Bugmeister Team (end-2012),
– Co-founder of the FreeBSD Ports Security Team.
– Release Engineering Liaison from the FreeBSD Security Team (end 2019).
|2004 - 2011||Evilcoder.org||Writing my own Administration Toolkits in Perl, I stopped this project to focus more on my work. Writing check_honeynet, a custom tool to check the mirror status for various honeynet mirrors. Honeynet later migrated to a dynamic website which stopped all mirrors and thus the tooling.|
|2001 - 2005||DSINet.org||Writing Security Articles (Dutch and English)|
|2001 - 2004||Mostly-Harmless.nl||Guiding newcomers, Projectleader Documentation (contents)|
Operating system experiences
|SUN Solaris||mailserver, operational management, scripting, routing, etc.|
|Ubuntu Linux 12.04,14.04,16.04, 18.04||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|Red Hat Linux / CentOS 5,6,7||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|Rasbian / Debian 7,8,9||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.), administration|
|FreeBSD 4.x - 11.x||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, custom package building etc.), administration, security team, developer, documentation team, postmaster|
|PFSense / OPNSense||Installation, upgrading, managing, user experiences, firewalling, VPN, site to site connections etc.|
|OpenBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|NetBSD||Installation, Managing and User experiences (firewalling, software maintenance, hosting, routing, etc.)|
|Mac OS X||Installation and User experience|
|Windows (Server 2008⁄2012)||Installation, Managing, Patching, Troubleshooting and User experience, using office applications (Microsoft based)|
|OpenVAS, vulnerability scanning software setup, documentation and maintenance|
|Hillstone Networks firewall (various product ranges, E1600, E2500, E3550)|
|Single Sign On applications (SimpleSAMLphp, Keycloak)|
|Puppet3,4,5,6 agent, puppet master, puppetserver, manifests, modules, configuration management, facter, hiera, theforeman, puppetdb|
|NGINX (Unix) (incl reverse proxy)|
|Grafana / influxdb / graphite / collectd|
|Elasticsearch / Graylog / filebeat / Kibana / Logstash (ELG/ELK stack)|
|Apache (Unix & Windows) (incl reverse proxy)|
|Bluecoat Proxy / Bluecoat AVScanner|
|Netscape Proxy on Solaris|
|Netscape Mailserver on Solaris|
|Iplanet Webserver on Solaris|
|Juniper ScreenOS (SSG)|
|Juniper JunOS Security (SRX)|
|Juniper JunOS Space|
|Avocent / Avocent DSView|
|F5-Big IP Loadbalancer|
|ISS Realsecure (incl. Siteprotector Management station)|
|Gitlab collaboration tooling, administration, setup, hooks, deployment|
|Configuration management: Puppet, setup, enhancement, deployment, administration, Ansible playbooks|
|Ticket management systems (BMC, Expertdesk, Tivoli servicedesk, OTRS, IRMa, topdesk)|
|Billing Software (WHMCS)|
|Monitoring tools (Bigbrother, NMIS, Nagios, Opsview core and pro, zabbix)|
|OSPF (Quagga, OpenOSPF, Cisco, Juniper)|
|Various Cisco software applications (IOS, CSS, SCA, AppCelera, CatOS, FWSM, ACS, ASA, ACE, management LMS)|
|Alcatel switching (6500,6900)|
|VPN: IPSEC/isakmpd,OpenVPN (ssl based) and various firewall implementations of SSLVPN / IPSEC.|
|Mailservers (Qmail, Postfix, Exim, Sendmail)|
|Mailstorage (Courier-imap, dovecot, zarafa, kopano)|
|Webmail (Squirrelmail, Roundcube, Open-Xchange, zarafa/z-push, kopano/z-push)|
|Virtualisation: Proxmox, VMWare, Docker Containers|
|Hosting management tooling (DirectAdmin, Webmin, Virtualmin)|
|Databases (MySQL, PostgreSQL, SQLite, InfluxDB|
|DNS Servers (Bind, Unbound)|
|tar/gzip/bzip and other standard tool (less, sed, more, grep, etcetera)|
|Mutt / Neomutt|
|Source code management (CVS, SVN, Mercurial, Git, Perforce)|
|Source code management software (hgweb, svnweb, gitlab)|
|Linux firewalling (ipchains, iptables)|
|BSD firewalling (ipfw, ipf, pf)|
|Proxies (Squid, Tinyproxy)|
|IPv6 (Cisco, BSD, Linux)|
And a lot more not mentioned here