Curriculum Vitae

Short biography

I have been working in information security for 16 years and in IT for 19 years. In my current role I am working on smart grid cyber security and the secure integration of IT and ICS/SCADA environments. I have a solid knowledge of healthcare IT and grid operator IT, both on the office as on the operations side, both on the strategic as on the implementation side.

I have a BSc Electrical Engineering and Master Security in Information Technology. I am a CISSP and I likes to pick locks, program microcontrollers and care for our horses in my spare spare time.

Work experience

ICS/SCADA architect – Alliander

From April 2017 to now.

Preaching security is one thing. Practicing is another.

In this role I am responsible for the design of our ICS/SCADA environment from a network to business logic level. This requires close cooperation with all relevant departments of the company. It means switching from discussions on the bits and bytes level to Executive team level.

Currently I am designing our 2030 vision for ICS/SCADA and working on a realistic roadmap to make sure that we can start building with no-regret investments.

Information Security Architect – Alliander

From March 2014 to April 2017

Implementing the security vision poses a number of challenges. In this role I have built the security roadmap to reach the goal in a realistic manner. Security monitoring is added and a major step is the forming of the security response team to be able to respond to security incidents 24×7. Discussing with business owners what should be monitored and how we should respond to alerts is an important part of my job as teamlead. Because we have a solid framework, the new reporting laws are not posing much of a risk.

We addapted the generic ISO27001 framework for use in our ICS/SCADA environment. We took a layered approach of goals, measures and implementation guidance. This framework is currently being discussed by the Dutch grid operators as a starting point for a national framework.

In order to improve on a structural level, we implemented an Security Management System that reports to the executive team. I am responsible for the ICS/SCADA part of this ISMS.

Apart from the technical security work, I am speaking at conferences to give insight into the steps we made and what others might learn from them.

Information Security Manager IT – Alliander

From July 2008 till February 2014.

Due to the increasing demand for security by the Dutch society, security is involved in the early stages of new projects. My primary focus is on innovations and datacenter projects. Innovative projects include substation automation, flexible switching public lighting and opening our grid for experiments by 3rd parties. Datacenter projects include PKI, IDS, SIEM and network segmenting (including the maintenance processes). I always kept a strong focus on the secure integration between our IT and ICS/SCADA networks.

The Executive level expressed the wish for an integral security vision. As IT representative, I added a great deal to this vision. One of the most important shifts was the move from pure passive to an active anticipate-detect-response-learn model.

I participated in a number of European research projects on (smart) grid security and am one of the representatives for the energy sector in our national crisis organization.

Information Security Manager – Nuon

From December 2006 to June 2008.

In this role, I am the responsible for setting the right security level from a business perspective. Because this is for a large department, I created an organization to stay in touch with the various business units. I translated the strategic policies to a tactical level and introduced a standardized method for risk analysis.

The two largest projects were the creation of security requirements for smart metering and the creation of a working relationship between the IT and ICS/SCADA teams.

Security Specialist – GE Healthcare

From September 2003 to December 2006.

In this role I am the security consultant for software engineering projects and the primary point of contact (internal and external) for security related questions for GE Healthcare’s Imaging and Information Systems products.

I participated in ISO standards meetings on medical device security and represented the company during securty discussions with the British government on the creation and deployment of their nation-wide electronic patient record system.

System Administrator – GE Medical Systems

From September 2000 to August 2003.

<]>In this role I am responsible for the entire IT infrastructure of the Zeist office of GE Medical Systems. This includes the development and implementation of policies, processes and procedures for IT and IT maintenance. I am also the teamlead for the four-person team.

Senior Support Engineer – GE Medical Systems

From June 1999 to September 2000.

In this role I guide junior support engineers in their role. I create and give training and lectures for our international distributors and am the second-line for problems with installation or configuration of our medical imaging stations.

Support Engineer – Applicare Medical Imaging BV

From Juli 1997 to May 1999.

My first job!

In this role, I am the first-line engineer for troubleshooting problems with installation or configuration of our medical imaging stations all over the world.

Education

yeareducation / institutiondegree
2004-2008Master of Security in Information Technology / Tias Business School, Eindhoven2008 MSIT
1992-1997Electrical Engineering (medical) / Hogeschool Enschede, Enschede1997 Ing
1991Electrical Engineering / University of Twente, Enschede
1985-1991Atheneum / Dukenburg College, Nijmegen1991

Other certifications

yeareducation / institutioncertificate
2015Cryptography I / Stanford University, Courserayes
2015SIEM Qradar introduction & advanced / IBMyes
2014IEC61850 / DNV-KEMAyes
2005Certified Information Systems Security Professional / (ISC)2, Palm Harbor, FL, USACISSP
2001Microsoft Certified Systems Engineer / Microsoft, Redmont, WA, USAMCSE
2000SixSigma Quality / GE Medical Systems Education Center, Milwaukee, IL, USAGreen-belt

Languages

languagespokenwritten
Dutch (mother tongue) fluentfluent
Englishfluentfluent
Germanfluentgood
FrenchGoodPassable

Comments are closed.