
My Project 2014 - 2018

Location

Amsterdam, The Netherlands

Role

Senior Security Consultant

The team conducted risk assessments (technical, detailed penetration tests) to identify gaps against policies and standards (including data protection and GDPR), assessed emerging threats, and assisted management with data-driven decision-making, focusing on KPIs related to risk, the strategy for training and awareness, and improving security in dev/ops teams.
Performed penetration tests (manual, IAST) on infrastructure, web applications and APIs, plus source code review (SAST) on available code (change and new projects).

Performed dynamic scans (DAST) using HP WebInspect and manual penetration tests (Burp Suite Pro, protocol analysis, Wireshark) on web applications.
Led the intake and scoping process, performed assessments, identified false positives, wrote reports and carried out peer review, handled after-care (presentations) and at times assisted projects/teams with identifying proper countermeasures.
Reviewed the solution architecture documentation of each application to identify attack scenarios and potentially vulnerable or insecure vectors (threat modeling). Performed some static code review (SAST) of applications using HP Fortify and later Checkmarx.
Our team was reviewing Checkmarx as a POC to supplement or replace Fortify. Collaborated with the Asset Owner or Business Owner and the Operational Risk Management team (first line of defense) to substantiate the severity of findings (scenarios, technical feasibility of findings, layman's terms) and the technical risk, in order to arrive at the action list and the risk to the business.
I put forward a solution in a tool format (CodeDX/ThreadFix) to help us consolidate a view of all the output data (Fortify, Checkmarx, WebInspect, Burp, Arachni, etc.), increasing efficiency in generating reports and eliminating duplicate findings.
Delivered awareness training (Application Security Awareness) for teams in the organization covering the following topics: the SDLC in the bank, the application testing process, source code review and pentesting methodology, what cyber security is, common attacks on applications, what an APT is, common attack methodologies, best practices for defense, security incidents, and trends in the industry.
