Brussels, now
Bridging the gap between deep technical execution and strategic security thinking.
Cybersecurity Consultant at Cronos Security, Belgium. Before that, Deloitte, embedded inside some of Belgium's largest organisations, running enterprise-scale vulnerability management programs.
I'm a Cyberecurity Consultant at Cronos Security, Belgium. Before that, Deloitte, where I worked inside some of Belgium's largest organisations running enterprise-scale vulnerability management programs on Qualys, Tenable and Rapid7. At one client, we took a program sitting at 12M open vulnerabilities down to 3M, a ~75% reduction.
The work now spans DORA compliance, GRC, vulnerability management, IAM, and security architecture, plus the de facto project management that glues them together. Scanners and frameworks are the easy part. The harder problem is building programs teams actually follow.
The goal is to become a Swiss Army knife of cybersecurity. Someone who can hold their own across vulnerability management, risk, cloud, architecture and governance, and actually connect the dots between them. Trajectory points toward vCISO and strategic advisory.
Outside client work, the homelab is where everything gets tested before it gets recommended. Proxmox on bare metal, LXC-everything, docker containers, full observability stack, UniFi networking with proper VLAN segmentation, MCP servers wired into daily workflows. If it's worth deploying, it's worth breaking at home first.
Qualys · Tenable · Rapid7. Took one client from 12M → 3 in a year.
Identifying, assessing, and mitigating IT risks across the organization.
ISO 27001, NIS2, DORA, etc. turning gap analyses into programs people follow.
CISPP in progress. Homelab running 24/7. Tested at home first.
Trained as a data protection advisor under Belgian GDPR implementation. Covered legal bases, data subject rights, DPIAs and breach notification procedures.
Feb 2018 — Feb 201920 domains across attack phases, network scanning, malware, social engineering and web application hacking.
Aug 2021 · ActiveFoundational Azure cloud concepts — core services, pricing, SLAs and governance.
Apr 2022 — Apr 2024Broad AWS knowledge — core services, security, architecture, and billing.
Oct 2022 — Oct 2025Designing distributed systems on AWS with focus on resilience, performance and security.
Nov 2022 — Nov 2025Service management — value system, guiding principles and the four-dimensions model.
Dec 2022 · Active (no expiry)Identity, access management, threat protection, compliance and Zero Trust fundamentals.
Sep 2023 — Sep 2025Project management — 7 principles, themes and processes.
Jan 2024 — Jan 2027 · ActiveEntry-level ISC2 credential — security principles, network security, access controls and incident response.
Sep 2024 — Sep 2027 · ActivePractitioner-level credential across 7 domains: access controls, risk, cryptography, network security, incident response.
Aug 2025 — Aug 2026 · ActivePlatform-specific certification for managing the Holm Security vulnerability management platform.
Dec 2025 — Dec 2028 · ActiveThe gold standard. 8 domains from risk management to software security.
In sight · Long-termEverything I recommend to clients has already earned its place on a rack at home. The homelab is the proving ground — isolated, instrumented, audited end-to-end and always running.
Running production-grade tooling at home means you break things before clients do. A few lessons from the trenches:
Whether it's a security challenge, a collaboration, or you just want to talk homelab setups, always open to a good conversation.