Polle Vanhoof - Cybersecurity Engineer
Polle Vanhoof is an experienced Cyber Security Engineer. His broad interest in the field of IT security has led to work experience in a wide range of topics related to cyber security.
He has experience in penetration testing, vulnerability management, incident response, secure code reviews and so much more.
He worked for several years in both the infrastructure and financial sectors creating and securing enterprise software systems, played a key role in the Security and Assurance team at a critical market infrastructure directing and coordinating penetration tests, purple team and red team exercises. More recently he was responsible for vulnerability management and incidence response at Siemens Mobility, where he also worked to modernize and automate the deployment of servers as part of the DEVSECOPS team.
Siemens: DEVSECOPS
Siemens Mobility is responsible for the security and safety of thousands of servers and workstations used to manage day-to-day operations of the Belgian railroad network.
Part of this work consisted of securing these servers by implementing a vulnerability management and patch automation system for Linux and Windows machines.
Task:
Secure and protect the servers and workstations for the National railway service.
Actions:
- Migrate systems and applications to a modern operating system
- Develop automated systems for deploying these applications and managing server configurations
- Aggregate data from these servers into an inventory management system
- Create regular patch cycles that match the patch and release cycles of the operating systems
- Handle newly discovered security vulnerabilities (vulnerability management and incident response)
- Execute architecture reviews, security code reviews and penetration tests on new and existing software and recommend mitigations or alternatives.
Euroclear: Security and Assurance
Euroclear SA/NV is an established financial service provider specialized in securities trading. They hold over €31 trillion worth of assets and are responsible for settling security transactions at over €837 trillion per annum. It is considered a critical market infrastructure and as such is obligated (by law) to properly secure and protect all of its assets. As a result, this is a high stakes environment with very important real life consequences regarding security incidents.
The majority of the work consisted of providing assurance by managing the execution of penetration tests on various applications and infrastructure components.
Task:
Manage, Execute and Review internal and external penetration tests.
Actions:
- Organize and document a new approach to managing ongoing penetration tests
- Unify the way in which Euroclear provides and receives information to/from our external vendors
- Assist in setting up appropriate environments and accesses for planned penetration tests
- Execute internal penetration tests
- Evaluate (and investigate) discovered vulnerabilities
- Translate vulnerability impact and consequences on software components to impact on business objectives
This page lists some of the recent clients I have worked for. Feel free to contact me for my full portfolio.
Languages
Certificates
OSCP Certified
Obtained the 'Offensive Security - Certified Professional' certificate.
This certificate shows the holder is well versed in penetration testing methodologies.
OSWE Certified
Obtained the 'Offensive Security - Web Exploitation' certificate.
This certificate is the result of an extremely challenging 48-hour exam and is an attestation to my talents in web application testing.
SC-200
Obtained the 'Microsoft Security Operations Analyst Associate' certificate.
Proven skills in investigation, responding, and hunting for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender.
MS-500
Obtained the 'Microsoft Security Administrator Associate' certificate.
Proven skills and experience with identity protection, information protection, threat protection, security management, and data governance.
Skills
| Skill | Category | Experience |
|---|---|---|
| Linux | Operating Systems | |
| Windows | Operating Systems | |
| Python | Programming | |
| Java | Programming | |
| C | Programming | |
| C# | Programming | |
| Golang | Programming | |
| Perl | Programming | |
| Haskell | Programming | |
| Prolog | Programming | |
| ELM | Programming | |
| Android | Programming | |
| Burp | Tools | |
| Nmap | Tools | |
| openssl | Tools | |
| Proxychains | Tools | |
| Gobuster | Tools | |
| Plink | Tools | |
| Splunk | Tools | |
| Active Directory | Technologies | |
| Cryptography (PKI) | Technologies | |
| SQL | Technologies | |
| Maven | Tools | |
| RTI Connext DDS | Tools | |
| Puppet | Technologies | |
| Ansible | Technologies | |
| MATLAB | Tools | |
| SAT-Solvers | Technologies | |
| Spring Framework | Technologies | |
| QT Framework | Technologies | |
| Azure Cloud Security | Technologies | |
| Azure Sentinel | Technologies | |
| Microsoft Defender for Identity (Azure) | Technologies | |
| Microsoft Defender for Endpoint | Technologies | |
| Microsoft Defender for Cloud | Technologies | |
| Microsoft 365 Defender | Technologies | |
| Microsoft Sentinel | Technologies | |
| Raspberry PI | Equipment | |
| Embedded Systems | Equipment | |
| Routers / Switches | Equipment | |
| Software Defined Networks (SDN) | Equipment | |
| Smartcards | Equipment | |
| Firewalls | Equipment | |
| Web Application Firewalls (WAP) | Equipment | |
| Bootstrap Framework | Technologies | |
| Nodejs | Programming | |
| Patch Management | Technologies | |
| Vulnerability Management | Technologies | |
| Incident Response | Technologies |