Pascal De Koning

Experience

• 

  Various companies

  Jan 2000 - Jan 2008

  Penetration Tester

  • Penetration testing (ethical hacking)• Application security assessments • Security awareness presentations • IT-Risk assessments

• 

  KPN

  Jan 2006 - Jan 2012

  Security Architect

  Setting up and filling in a security architecture for the PKI services at the highest security level within the Netherlands. Analysis of security requirements, definition of security services, gap analysis on existing security services, definition of roadmap for improvement of security. Keeping the head cool during the Diginotar hack crisis.

• 

  The Open Group

  Apr 2010 - Jan 2012

  Chairman of the TOGAF-SABSA Integration Project

  Bring together TOGAF architects and SABSA security architects to integrate both frameworks. Coordination of the working group. Define goals. Propose concepts.

• 

  Wageningen University & Research

  Jan 2011 - Jan 2013

  Security Advisor

  Analysis of business drivers and deduced security objectives for Wageningen UR. Definition of a roadmap for improvements in information security with senior management approval.

• 

  KPN

  Jul 2012 - Jul 2013

  Team Lead Security Testing

  Quartermaster for the development of a Security Testing Center (part of Security Operations Center). Goal was to conduct technical security scans on the internet-facing part of the infrastructure of KPN. This included domain inventory (> 1000 web sites), discovery scans, automated vulnerability assessments and penetration tests.

• 

  The Open Group

  Apr 2013 - Jan 2016

  Chairman of TOGAF Security Guide

  Leading, discussing, structuring and writing the TOGAF Security Guide, which provides a conceptual foundation for Security and Risk Management in TOGAF.

• 

  Johan Cruijff ArenA

  Jan 2014 - now

  Security Advisor

  Cyber security strategy - development and implementation.

• 

  Rabobank

  May 2014 - Aug 2014

  Security Architect

  Creation of a security architecture for Rabobank International. Assessment of controls present in 8 information systems, selection of preferred security measure and advising on changes in the measures. Goal was to end up with a more uniform operational environment where security controls complement each other in a logical and consistent way. The SABSA approach was used.

• 

  The SABSA Institute

  Sept 2014 - Dec 2016

  Chairman of Security Services Catalogue project

  The aim of the Security Services Catalogue project is realize the community-driven development of a security service catalogue, so that it can be consumed by enterprise (security) architects. The project is established as a joint initiative of The SABSA Institute and The Open Group Security Forum. It is supported by OSA (OpenSecurityArchitecture).

• 

  Stichting BKR

  Dec 2014 - Jan 2017

  Strategic Advisor Security Monitoring (SIEM)

  Creating a risk-driven design for security monitoring. Conducting Business Impact Assessment (BIA), threat assessment and IT risk assessment. Elaborating a security strategy for the role of security monitoring in the total package of security measures. Functional definition of Events of Interest (use cases) to prepare and guide the technical implementation in Splunk.

• 

  Belastingdienst

  May 2015 - Dec 2016

  Setting up a security architecture for the IT-services of the dutch tax authority. The SOC of the Dutch Tax Office is ahead of the troops in the Dutch government. To gain insight in further growth and professionalization, and the need for investments, I did an analysis on the functional service delivery, a drill-down in building blocks and costs, created a road map for the functional portfolio and a plan for delivering the functions as-a-service.

  • Security Architect

    Jan 2016 - Dec 2016

  • Strategic Advisor Security Operations Center (SOC)

    May 2015 - Dec 2015
• 

  LVNL

  Jun 2015 - Sept 2015

  Security Advisor

  Developing an approach for securing the exchange of information between Air Traffic Control, KLM and Schiphol Airport. Information analysis, Business Impact Assessment (BIA), deduction of security requirements. Facilitating a risk assessment, assessing existing measures and creating an improvement plan.

• 

  Salland Zorgverzekeraar

  Nov 2015 - Oct 2017

  Security Officer

  Information security strategy development and implementation. This includes IT risk assessments, vendor assessments, development of application security policy, security awareness project, etc.

• 

  Vattenfall

  Aug 2017 - now

  Security Advisor
• 

  Land van Ons

  Sept 2022 - now

  Vrijwilliger biodiversiteitsmonitoring
• 

  ODC-Noord

  Jun 2023 - now

  Security Architect