Experience

2023 - Present: Security Consultant

In various projects I am responsible for deploying Thales Luna HSM and Azure Managed HSM for customers. Duties include:

  • Pre-sales talks;
  • Planning deployments;
  • Writing initialization procedures;
  • Writing operational procedures;
  • Attending the installation procedure and ceremony on the datacenter floor;
  • Providing support for application integration with the HSM;
  • General after-sales support.

In two cases I consulted and remediated missing credentials of HSM appliances without data loss of contents or keys, resulting in significant cost savings compared to a re-key of the involved solutions.

In addition to consulting on HSMs I have also been involved in pentesting and exposure assessment.

2022: Implementing data security and decryption with Microsoft SQL Server

Creating a solution to encrypt data in an Oracle Database and decrypt it in SQL Server via EKM. This involved:

  • Integrating SQL Server with a Thales Luna DPOD HSM
  • Creating a reference implementation for the SQL Server encryption routine powering ENCRYPTBYKEY()
  • Writing custom tooling for loading pre-shared data encryption keys into the HSM

2020 - Present: DevOps team member

Member of a DevOps team supporting the internal PKI for a major energy company. Starting out, I was responsible for the service transition: taking over from the previous IT service provider. Responsibilities included knowledge transfer and setting up an internal knowledge base. Later on I was involved with a migration to a different datacenter, including migrating HSMs. More recently I was involved in migrating parts of the PKI environment to Azure.

My duties also included:

  • Development of new features;
  • Deployment of new features;
  • Vulnerability remediation;
  • Patching of applications;
  • Support for packaging of client software running on end-user devices;
  • 3rd line customer support;
  • Operating an internal Microsoft CA (2-tier setup);
  • Setting up monitoring and alerting in Splunk;
  • Supporting other business contacts by answering inquiries about PKI;

2018-2023: IAM Solution Support

Provided 3rd line support and implementation consulting for companies among the top 500 in the Netherlands.

Notable experience includes:

  • Migrating from an on-premises AD FS + Web Application Proxy solution to Azure AD;
  • Troubleshooting compatibility issues with the CyberArk HTML5 gateway and the Azure AD Application Proxy;
  • Maintaining an availability monitoring solution;
  • Setting up an internal wiki to serve as a knowledge base.

Product Experience

Cryptography and PKI
Products:
  • Azure Managed HSM
  • Nexus Smart ID
  • AD CS
  • Eviden / Cryptovision SCinterface
  • Eviden / Cryptovision Virtual Smartcard
  • Microsoft Virtual Smartcard
  • Nexus Certificate Manager
  • Thales Luna Network HSM
  • Thales DPOD (Cloud HSM)
  • EKM for Microsoft SQL Server (HSM integration for SQL Server Cryptography features)

Technologies:

  • PKCS#11 Software Development
  • Certificate Lifecycle Management
  • ACME certificate enrollment
Single sign-on
Products:
  • Azure AD
    • Single sign-on
    • Azure AD Application Proxy
  • AD FS
  • Okta
  • ForgeRock OpenAM
  • Entrust IdentityGuard
  • SafeNet MobilePASS MFA
  • Keycloak

Technologies:

  • SAML
  • OpenID Connect
  • Radius
Privileged Account Management
Provided 3rd line support for for companies among the top 500 in the Netherlands.
  • CyberArk Core PAS
  • CyberArk HTML5 Gateway
Programming Languages
Python: I am quite comfortable using python for:
  • small tools
  • scripts
  • micro-services

Java: I have limited experience with actual projects. I can however decompile, spot-patch and re-compile if required.

C: Solid understanding with limited experience from my bachelor’s degree

NodeJS: I can create basic web applications in NodeJS with express.js

PowerShell: I can create powershell scripts to automate basic tasks. In addition to that, I am comfortable reading larger powershell code basses and making changes.

Infrastructure Technologies
  • Apache Tomcat
  • Apache HTTPD
  • Nginx
  • Docker
  • Docker Compose
  • Traefik
  • Let’s Encrypt / ACME
  • Azure Confidential Compute
Other Tools
Other tools I have used in my endeavours:
  • Burp Suite
  • Fiddler
  • Wireshark
  • tcpdump
  • Splunk
  • Keystore Explorer

Certifications

Keyfactor
Command Core Certified Professional (October 2023 - October 2025)
Thales
Luna HSM Certified Engineer (January 2022)
Microsoft
Azure Fundamentals (January 2023)
Okta
Certified Professional (2019-2020)

Certified Administrator (2020 - 2021)

Utimaco
Certified Engineer - CryptoServer HSMs

(March 2019)

CyberArk

  • Trustee (November 2018)

  • Defender (February 2019)

  • Sentry (September 2020)

Education

2014-2018
BSc, Computer Science; University of Applied Sciences Utrecht

Minor: Smart Devices and Apps

Languages

  • Dutch (native speaker)
  • English (near-native speaker)
  • German (some proficiency)