It’s all about finding and protecting those ‘crown jewels
27 March 2017
Author: Security Talent

It’s all about finding and protecting those ‘crown jewels

As an Information Security Consultant, Mike helps organisations identify potential risks and threats to their core business and how to deal with this. Read the interview to find out what he does exactly to protect the 'crown jewels'.
Mike Onderdelinden
Information Security Consultant

BSc Integrale veiligheid at InHolland University of Applied Sciences

MSc Public Administration – Governance and Management of Complex Systems at Erasmus University Rotterdam

Information Security Consultant, what does that mean?

As an Information Security Consultant I look for what we call the ‘crown jewels’ within an organization. The ‘crown jewel’ is the most important asset of an organization. Besides their personnel this can be a specific process, essential resources, or even an essential asset like a machine or a server room. When we know what the ‘crown jewel’ is, we can decide what potential risks this client should be aware of. We map these relevant risks thoroughly, based on the core business and processes of the client. We then look at what plans and measures are already in place. And how effective they are. If necessary, we give further advice on how this organization can improve their security. This can range from returning keys and laptops when someone leaves the company, to advising about creating new checks and balances to prevent fraud.


What kind of risks do you focus on?

We look at different risks: fraud (vulnerable processes), cyber risks (information security based on people, technology and organisation) and crime (theft, extortion or terrorism). In case of a crisis or incident, we also support the client.


What projects are you involved with?

The projects I’m involved with vary a lot, both for public and private organisations. Today, half of all crimes are digital. Quite a shocking number! So at the moment there is an increase in awareness about the risks and consequences of digital crime. At Hoffmann we mostly work for bigger organisations but we also get smaller companies with high revenue and rapid growth that want to make sure their activities won’t be compromised.


IMG 5637 

And how do you approach a project?

When working on a project I perform a case study, visit on site, report and finally present my findings. Usually we are hired as a preventive measure. But sometimes our detective or digital forensics department is brought in after an incident. While they focus on the incident, they put me forward to perform a security scan. In order to help the organisation prevent a future incident.


Why Hoffmann?

Hoffmann is the oldest private detective firm in The Netherlands and a well-known name in the security business.


Can you name a milestone in your career?

Well, discretion is very important in my line of business. I have done a lot of great projects but our clients prefer not to see their name mentioned - as you might understand. A personal highlight in my career though was when I was hired at Hoffmann. This was the company I heard so much about and was fascinated by. So it was pretty cool that I got the opportunity to work for them.


How will your industry or job in particular change over the next few years?

Our lives are changing fast. Digitization, the Internet, privacy issues. In today’s digital world, we depend more and more on data. And securing this data will always be a point of concern. The focus will be more on digital security, but the physical part of security will always exist as well. Because a server park or data center also needs to be protected from physical threats.


IMG 5484


How do you keep up?

My way of working will not change that much I think. It’s still about protecting the ‘crown jewels’, looking from the outside in and from the inside out when I perform a security scan. But the way we look could very well change, because of new techniques. We might have to become more creative. In that sense our scope will change. I make sure I keep up with important developments. For example I took a course on the subject  ISO27001 including certification. And I am an avid reader of


How did finding a job after your study go?

At the end of my studies a friend of mine was working for Deloitte. He thought I would be interested in this as well. I did some research and agreed with him. So after graduating I packed my bags to go travelling for a couple of months but as soon as I came back I applied at Deloitte. Successfully.


Do you have any tips for up-and-coming talent?

Always keep an open mind. When looking for a job approach companies that you find interesting. See up close what a company is like. Investigate, do your research. Ask questions. This way you will make sure you find the job that matches your interest.

It’s all about finding and protecting those ‘crown jewels

More Interviews