BSc Integrale veiligheid at InHolland University of Applied Sciences
MSc Public Administration – Governance and Management of Complex Systems at Erasmus University Rotterdam
As an Information Security Consultant I look for what we call the ‘crown jewels’ within an organization. The ‘crown jewel’ is the most important asset of an organization. Besides their personnel this can be a specific process, essential resources, or even an essential asset like a machine or a server room. When we know what the ‘crown jewel’ is, we can decide what potential risks this client should be aware of. We map these relevant risks thoroughly, based on the core business and processes of the client. We then look at what plans and measures are already in place. And how effective they are. If necessary, we give further advice on how this organization can improve their security. This can range from returning keys and laptops when someone leaves the company, to advising about creating new checks and balances to prevent fraud.
We look at different risks: fraud (vulnerable processes), cyber risks (information security based on people, technology and organisation) and crime (theft, extortion or terrorism). In case of a crisis or incident, we also support the client.
The projects I’m involved with vary a lot, both for public and private organisations. Today, half of all crimes are digital. Quite a shocking number! So at the moment there is an increase in awareness about the risks and consequences of digital crime. At Hoffmann we mostly work for bigger organisations but we also get smaller companies with high revenue and rapid growth that want to make sure their activities won’t be compromised.
When working on a project I perform a case study, visit on site, report and finally present my findings. Usually we are hired as a preventive measure. But sometimes our detective or digital forensics department is brought in after an incident. While they focus on the incident, they put me forward to perform a security scan. In order to help the organisation prevent a future incident.
Hoffmann is the oldest private detective firm in The Netherlands and a well-known name in the security business.
Well, discretion is very important in my line of business. I have done a lot of great projects but our clients prefer not to see their name mentioned - as you might understand. A personal highlight in my career though was when I was hired at Hoffmann. This was the company I heard so much about and was fascinated by. So it was pretty cool that I got the opportunity to work for them.
Our lives are changing fast. Digitization, the Internet, privacy issues. In today’s digital world, we depend more and more on data. And securing this data will always be a point of concern. The focus will be more on digital security, but the physical part of security will always exist as well. Because a server park or data center also needs to be protected from physical threats.
My way of working will not change that much I think. It’s still about protecting the ‘crown jewels’, looking from the outside in and from the inside out when I perform a security scan. But the way we look could very well change, because of new techniques. We might have to become more creative. In that sense our scope will change. I make sure I keep up with important developments. For example I took a course on the subject ISO27001 including certification. And I am an avid reader of security.nl
At the end of my studies a friend of mine was working for Deloitte. He thought I would be interested in this as well. I did some research and agreed with him. So after graduating I packed my bags to go travelling for a couple of months but as soon as I came back I applied at Deloitte. Successfully.
Always keep an open mind. When looking for a job approach companies that you find interesting. See up close what a company is like. Investigate, do your research. Ask questions. This way you will make sure you find the job that matches your interest.