About
Senior, independent, deeply technical.
I am a cybersecurity consultant based in the Netherlands, working under my own name through Consulereit. The work I do is, broadly, the work that earns the trust of experienced security teams: offensive testing, architecture advice, and leadership in situations where something is on fire or about to be.
I started out because I enjoyed breaking things in interesting ways. I'm still here because the hard parts of security turn out to be people-shaped.
The route here
My route into security was the usual one for people of my generation: a teenager with too much curiosity and not enough supervision, who broke a few things, learned how they worked, and eventually figured out you could get paid to do it within agreed boundaries.
Professionally, I spent several years at KPN's Security Lab, working across pentesting, red team, and the in-house development of a SOC-in-a-box capability aimed at mid-market Dutch organisations. It was a rare environment: very technical, genuinely independent from commercial pressure to pick particular vendors, and full of people who had been doing this longer than I had been alive. I learned more there than I have anywhere since.
After KPN, I moved to SecureWorks as a senior offensive security consultant, where the work was more international, higher-stakes, and conducted under much shorter timelines. The engagements I am proudest of from that period are the ones nobody is allowed to talk about.
I went independent because the kind of work I most enjoy (deep, opinionated, long-form) does not fit neatly into large-consultancy utilisation models. I wanted to pick engagements where I could make a meaningful difference to one organisation at a time, and do the work myself rather than oversee someone else doing it.
Credentials
OSCE3 is the Offensive Security "elite" certification, holding OSCP, OSWE, and OSEP simultaneously. All three are examined against real, live labs rather than multiple-choice tests. It is an uncommon combination in the Netherlands.
MSc Advanced Cyber Security, University Polytehnica of Bucharest.
Eight-plus years of full-time security work across red team, pentesting, SOC engineering, and advisory. Specific sectors: financial services, telecommunications, industrial manufacturing, government, healthcare.
Languages
English (professional), Dutch (working, deliverables in Dutch on request), Romanian (native), Russian (fluent), French (working). Most of the written work happens in English; boards and management meetings happen in whichever language makes the conversation most productive.
Outside the work
Spare time, when it exists, goes into two things: building out a slightly-over-engineered home automation setup, and small bits of independent research on mobile and embedded security. The hobby and the day job feed into each other; some of the most interesting bugs I've ever found lived on a device I bought for my kitchen.
Want to talk about a specific situation?
A short call is the easiest way. No prepared agenda needed.