Consulereit · Independent cybersecurity consulting
Offensive security and advisory for organisations that take threats seriously.
I'm an independent senior cybersecurity consultant based in the Netherlands. I help boards, CISOs, and security teams face their adversaries honestly, through red team engagements, advisory work, and the occasional difficult conversation that changes how a programme is run.
Rare combination in the Netherlands. Offensive certifications earned against live, examined labs rather than multiple-choice tests.
What I do
Three ways engagements usually start.
Penetration testing & red team
Web, infrastructure, cloud, and mobile pentests, plus full assumed-breach red team engagements against mature estates. Modelled on real threat actor behaviour, not a checklist.
Security architecture & advisory
Reviews of how your environment is put together and where the brittle joints are. NIS2 readiness, SOC design, security programme reviews, delivered as written recommendations you can actually act on.
vCISO & interim ISO
A part-time or interim security leader for organisations that need one but can't yet justify a full-time hire. Board reporting, risk decisions, and supplier assurance in proportion to your size.
Why independent
One consultant, start to finish.
When you hire a large consultancy, you meet the senior people in the pitch and work with junior staff in delivery. When you hire me, you get the person you met.
There is no sales-to-delivery handoff, no partner skimming 40% of the day rate, and no rotation of associates through your environment. The person scoping your engagement, writing the exploits, and presenting at your board meeting is the same person throughout.
For clients who value directness over a four-colour deck, that matters more than a brand name on the invoice.
Recent work
Specific, anonymised, honest.
Assumed-breach red team against a Dutch financial services firm
Six-week adversary emulation starting from a single compromised workstation. Reached domain dominance and demonstrated access to a production payment system, then worked with the client's blue team on the detection gaps that let it happen.
NIS2 readiness assessment for a mid-market industrial manufacturer
A three-week gap analysis and twelve-month roadmap for a manufacturing business suddenly in scope of the Dutch Cyberbeveiligingswet. Translated a dense legal text into a prioritised set of things their small IT team could actually do.
A short conversation is the fastest way to know.
Most engagements begin with a 30-minute call. I'll listen, ask a few questions, and tell you honestly whether I'm the right fit, or point you at someone who is.