About
Senior, independent,
deeply technical.
I am an independent cybersecurity consultant based in the Netherlands, working under my own name through Consulereit. My work spans offensive testing, security architecture review, and SOC design for organisations across defence, critical infrastructure, healthcare, and industry.
I take one consulting engagement at a time.
The route here
I started on the blue side, as a tier-2 SOC analyst, monitoring and triaging for enterprise customers of a global managed security provider. It was a good place to learn how incidents actually unfold, how detection rules fail, and how much of "response" is really about writing things down clearly under time pressure.
I then moved into offensive consulting, first at a smaller Dutch practice, then for several years inside a large telco's security lab. That role spanned pentesting, red team operations, detection engineering, and the build of a SOC-in-a-box capability aimed at mid-market Dutch organisations. It included substantial work on IoT and OT security, Azure and on-prem red team, and assignments in defence and critical-infrastructure environments where the boring parts matter more than the clever ones.
I went independent because the work I most enjoy, deep, opinionated, and long-form, does not fit neatly into large-consultancy utilisation models. I wanted to pick engagements where I could make a meaningful difference to one organisation at a time, and do the work myself rather than oversee someone else doing it.
Credentials
OSCE3 bundles OSWE (source-level web exploitation), OSEP (evasion and internal operations), and OSED (Windows exploit development); OSCP sits alongside them. All are examined against live, hands-on labs, so the certifications map to work that can actually be done on an engagement, not to multiple-choice theory.
MSc Advanced Cyber Security, focused on offensive research: phishing platforms, payload development against static analysis, privilege-escalation tradecraft, and TTP-based detection rules.
Roughly eight years of full-time security work across SOC analysis, pentesting, red team, detection engineering, and advisory, in defence, critical-infrastructure, telecom, healthcare, and industrial environments.
Want to talk about a specific situation?
A short call is the easiest way. No prepared agenda needed.