Polle Vanhoof - Cybersecurity Engineer

Polle Vanhoof is an experienced Cyber Security Engineer. His broad interest in the field of IT security has led to work experience in a wide range of topics related to cyber security.

He has experience in penetration testing, vulnerability management, incident response, secure code reviews and so much more.

He worked for several years in both the infrastructure and financial sectors creating and securing enterprise software systems, played a key role in the Security and Assurance team at a critical market infrastructure directing and coordinating penetration tests, purple team and red team exercises. More recently he was responsible for vulnerability management and incidence response at Siemens Mobility, where he also worked to modernize and automate the deployment of servers as part of the DEVSECOPS team.

Profile Picture

Siemens: DEVSECOPS

Signaling room

Siemens Mobility is responsible for the security and safety of thousands of servers and workstations used to manage day-to-day operations of the Belgian railroad network.

Part of this work consisted of securing these servers by implementing a vulnerability management and patch automation system for Linux and Windows machines.

Task:

Secure and protect the servers and workstations for the National railway service.

Actions:

  1. Migrate systems and applications to a modern operating system
  2. Develop automated systems for deploying these applications and managing server configurations
  3. Aggregate data from these servers into an inventory management system
  4. Create regular patch cycles that match the patch and release cycles of the operating systems
  5. Handle newly discovered security vulnerabilities (vulnerability management and incident response)
  6. Execute architecture reviews, security code reviews and penetration tests on new and existing software and recommend mitigations or alternatives.

Euroclear: Security and Assurance

Penetration Testing

Euroclear SA/NV is an established financial service provider specialized in securities trading. They hold over €31 trillion worth of assets and are responsible for settling security transactions at over €837 trillion per annum. It is considered a critical market infrastructure and as such is obligated (by law) to properly secure and protect all of its assets. As a result, this is a high stakes environment with very important real life consequences regarding security incidents.

The majority of the work consisted of providing assurance by managing the execution of penetration tests on various applications and infrastructure components.

Task:

Manage, Execute and Review internal and external penetration tests.

Actions:

  1. Organize and document a new approach to managing ongoing penetration tests
  2. Unify the way in which Euroclear provides and receives information to/from our external vendors
  3. Assist in setting up appropriate environments and accesses for planned penetration tests
  4. Execute internal penetration tests
  5. Evaluate (and investigate) discovered vulnerabilities
  6. Translate vulnerability impact and consequences on software components to impact on business objectives

This page lists some of the recent clients I have worked for. Feel free to contact me for my full portfolio.

Languages

English
Dutch
French

Certificates

OSCP Certified

OSCP Certified

Obtained the 'Offensive Security - Certified Professional' certificate.

This certificate shows the holder is well versed in penetration testing methodologies.

OSWE Certified

OSWE Certified

Obtained the 'Offensive Security - Web Exploitation' certificate.

This certificate is the result of an extremely challenging 48-hour exam and is an attestation to my talents in web application testing.

SC-200

SC-200

Obtained the 'Microsoft Security Operations Analyst Associate' certificate.

Proven skills in investigation, responding, and hunting for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender.

MS-500

MS-500

Obtained the 'Microsoft Security Administrator Associate' certificate.

Proven skills and experience with identity protection, information protection, threat protection, security management, and data governance.

Skills

SkillCategoryExperience
LinuxOperating Systems
WindowsOperating Systems
PythonProgramming
JavaProgramming
CProgramming
C#Programming
GolangProgramming
PerlProgramming
HaskellProgramming
PrologProgramming
ELMProgramming
AndroidProgramming
BurpTools
NmapTools
opensslTools
ProxychainsTools
GobusterTools
PlinkTools
SplunkTools
Active DirectoryTechnologies
Cryptography (PKI)Technologies
SQLTechnologies
MavenTools
RTI Connext DDSTools
PuppetTechnologies
AnsibleTechnologies
MATLABTools
SAT-SolversTechnologies
Spring FrameworkTechnologies
QT FrameworkTechnologies
Azure Cloud SecurityTechnologies
Azure SentinelTechnologies
Microsoft Defender for Identity (Azure)Technologies
Microsoft Defender for EndpointTechnologies
Microsoft Defender for CloudTechnologies
Microsoft 365 DefenderTechnologies
Microsoft SentinelTechnologies
Raspberry PIEquipment
Embedded SystemsEquipment
Routers / SwitchesEquipment
Software Defined Networks (SDN)Equipment
SmartcardsEquipment
FirewallsEquipment
Web Application Firewalls (WAP)Equipment
Bootstrap FrameworkTechnologies
NodejsProgramming
Patch ManagementTechnologies
Vulnerability ManagementTechnologies
Incident ResponseTechnologies
recaptcha