Walter Belgers MSc CISSP CISA - CV

Education

• Atheneum at the Titus Brandsmalyceum in Oss (1982-1988).
• Technical Computing Science at the Eindhoven University of Technology (TU/e), faculty of Mathematics and Computing Science (1988-1994).
  Extra courses include Cryptology and Computercriminality I and II (Tilburg University).

Working Experience

• Madison Gurkha (2002 - now)

I work at Madison Gurkha as Principal Security Consulant and I am also a partner. A selection of the tasks I perform or have performed within Madison Gurkha:

• Performing technical security audits of designs or implementations of systems, networks and (custom) applciations and reporting about those audits.
• Managing (large) audits, such as the one for an international company in which three countries were visited to audit not only the security of systems and networks, but also physical security, susceptibility to social engineering and the presence of wireless networks.
• Performing a forensic investigation on cracked systems at an educational institution.
• Giving lectures and demonstrations at all kinds of meetings, but also for customers (such as Security Awareness sessions for technical staff as well as for higher management).
• Writing articles (such as a regular column) and doing reseach, such as an investigation to asses the security of Dutch web servers, and research to gather data about continuous attacks on home systems from the internet.
• Giving comments and opinions to the media.
• AT Computing (2000-2002)

At AT Computing, I was teacher and developer of several Unix- and internet-related courses:

• UNIX part 1 and 2
• TCP/IP-networks part 1 and 2
• UNIX System administration and system concepts
• UNIX- and Internet-security

Besides giving and (re)developing courses, such as the UNIX- and Internet-security course, I also gave security consultancy via AT Consultancy, and was (co-)responsible for the AT Computing/AT Consultancy firewalls.

• Atos Origin (previously Origin IT, previously Philips C&P) (1995 - 2000)

At Philips C&P I was a developer in the Managed Services group. I was responsible for the worldwide rollout of firewalls (installation, documentation, educating administrators and users), a.o. in the UK, Hongkong and Brazil.

Some of my other tasks were bid support and security consultancy.

I was also the developer and project leader of a scalable implementation of the Checkpoint FireWall-1 firewall.

• Compuhelp (1994-1995)

During this period, I worked for Philips C&P as developer of software for easy-to-use internet access.

Courses

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Advanced UNIX-programming (AT Computing)
• Java (Origin)
• Speaking Effective and Relaxed before groups (Schouten en Nelissen)
• Project Management (ISES International)
• Advising Skills for Consultants (ISES International)
• UNIX Kernel Internals (Dr. Marshall Kirk McKusick)
• Several AT Computing courses, like UNIX Tuning and Performance Analysis, The Programming Language Perl, Programming for the Web
• Several by selfstudy, like Internet routing

Conferences and tutorials

• 2008: NLUUG spring conference, topic 'Security', Ede.
  Contribution: head of the program committee.
• 2008: Ei/PSI Grand Opening, Eindhoven.
• 2007: NLUUG 25th Anniversary conference, Amsterdam.
  Contribution: member program committee.
• 2007: Security conference SURF IBO and SURFcert, Amsterdam.
  Contribution: Lecture Ethical Hacking.
• 2007: KIVI/NIRIA Lockpicking workshop, Enschede.
  Contribution: Workshop lockpicking.
• 2007: NLUUG autumn conference, topic 'Virtualisatie', Ede.
• 2007: Seminar Webdesign, Amsterdam.
  Contribution: Lecture Web Applicatie Hacking.
• 2007: Black Hat Sessions V, Ede.
  Contribution: Lecture "lessons learned".
• 2006: Games, Gamers & Gaming Event, Eindhoven.
  Contribution: Workshop lockpicking.
• 2006: VvTP symposium, Delft.
  Contribution: Workshop lockpicking.
• 2006: LinuxWorld, Utrecht.
  Contribution: Lecture Web Application Hacking
• 2006: Processing & ICT, Utrecht.
  Contribution: Lecture Security in the Process Industry
• 2006: NLUUG autumn conference, topic 'IP communication', Ede.
• 2006: Kryptos Symposium IT Security, Enschede.
  Contribution: Lecture on cracking WEP.
• 2006: 4th SANE2006, System Administration and Networking Engineering Event, Delft.
  Contribution: Black Hats Session V tutorial (full-day, given twice).
  Contribution: lockpicking session.
Contribution: Guru Is In session.
• 2006: How secure are IT-networks?, Hogeschool Zuyd, Heerlen.
  Contribution: Lecture on digital vermin.
• 2005: NLUUG autumn conference, topic 'Languages and Tools', Ede.
• 2005: Open Source (more flexible - cheaper - safer), Open Source Business Club, Eindhoven.
  Contribution: Lecture on security and open source.
• 2005: WTH'2005, What The Hack, Liempde.
  Contribution: head of technical staff.
• 2005: Black Hat Sessions IV, Ede.
  Contribution: Lecture on covert channels.
• 2005: MacIS meeting, topic: Security.
  Contribution: Lecture 'Wireless Security'.
• 2005: Lockpicking demonstration, TU/e faculty of Mathematics and Computing Science.
• 2005: NLUUG autumn conference, topic 'E-mail and Beyond', Ede.
  
• 2004: 21C3, Chaos Communication Congress, Berlin, Germany.
  
• 2004: DKUUG Security Seminar, Copenhagen, Denmark.
  Contribution: two-day Black Hats Session tutorial.
• 2004: Infosecurity.nl, Utrecht.
  Contribution: Lecture 'Invisible traces: just how invisible are they?'.
• 2004: 4th SANE2004, System Administration and Networking Engineering Event, Amsterdam.
  Contribution: program chair.
  Contribution: Black Hats Session IV tutorial (full-day).
  Contribution: lockpicking session.
• 2004: MegaBIT, Ede.
  Contribution: lockpicking tutorial.
• 2004: Black Hat Sessions III, Ede.
  Contribution: Live hacking demonstration.
• 2004: NLUUG spring conference, topic 'Open Source in Business', Ede.
  
• 2004: TICER conference, topic 'IT-maintenance and security', Tilburg.
  Contribution: Lecture 'Hacked, now what?'.
• 2003: 20C3, Chaos Communication Congress 2003, Berlin, Germany.
  
• 2003: Black Hat Sessions II, Ede.
  Contribution: Lecture on WiFi.
• 2003: NLUUG autumn conference, topic 'Trust, but verify!', Ede.
  
• 2003: MegaBIT, Ede.
  Contribution: Lecture 'PicoBSD, small is beatiful'.
• 2003: NIRIA, Utrecht.
  Contribution: Lecture '{H,Cr}acking Linux'.
• 2003: Black Hat Sessions I, Ede.
  Contribution: Lecture.
• 2002: 2nd European BSD Conference, Amsterdam.
  Contribution: Organisor.
  Contribution: Program chair.
• 2002: NLUUG autumn conference, topic 'Extreme UNIX', Ede.
  Contribution: lecture 'PicoBSD: klein is fijn'.
• 2002: MegaBIT, Ede.
• 2002: Student Society GEWIS Security Symposium, Eindhoven.
  Contribution: lecture 'Cracking in the Free World'.
• 2002: 3rd SANE2002, System Administration and Networking Event, Maastricht.
  Contribution: Member of the program committee.
  Contribution: Full-day tutorial 'Black Hats Session III - The Essentials'.
  Contribution: Full-day tutorial 'Black Hats Session III - DIY Hacking'.
  Contribution: Member of the jury for the best poster-award.
• 2002: Hogeschool Brabant, lecture for students, Breda.
• 2001: NLUUG autumn conference, topic 'UNIX on the Desktop', Ede.
• 2001: HAL'2001, Hacking At Large, Enschede.
  Contribution: Member of the network team.
  Contribution: Co-responsible for the IPv6 network.
  Contribution: lecture about FreeBSD.
  Contribution: Half-day tutorial on IPv6.
  Contribution: Half-day tutorial on FreeBSD.
• 2001: Summercon, Amsterdam.
• 2001: NLUUG spring conference, topic 'UNIX and High Availability', Ede.
• 2001: Black Hat Briefings and Tutorial, Singapore.
• 2000: NLUUG autumn conference, topic 'Met UNIX het diepe in! Capita Selecta, Ede.
• 2000: 9th USENIX Security Symposium, Denver, USA.
• 2000: 2nd SANE2000, System Administration and Networking Event, Maastricht.
  Contribution: Half-day tutorial 'Black Hats Session II'.
  Contribution: Member of the program committee.
• 1999: NLUUG autumn conference, topic 'Linux and Open Source for professional use', Ede.
• 1999: Infosecurity, Utrecht.
  Contribution: lecture on remote management.
• 1999: CCC, Chaos Communication Camp, Berlin, Germany.
• 1999: 11th FIRST, Annual Forum of Incident Response and Security Teams Conference, Brisbane, Australia.
  Contribution: Full-day tutorial, 'Black Hats Session'.
  Contribution: Member of the program committee.
• 1998: 1st SANE'98, System Administration and Networking Event, Maastricht.
  Contribution: Half-day tutorial 'Black Hats Session'.
  Winner of the inSANE quiz.
• 1998: 7th SANS, System Administration, Networking and Security Conference, Monterey, USA.
• 1997: OTA/NLUUG winter conference, Antwerp, Belgium.
• 1997: HIP, Hacking In Progress, Flevopolder.
  Contribution: volunteer networking group (building the network).
• 1997: NLUUG summer conference, topic 'New trends and technologies', Ede.
• 1996: NLUUG spring conference, topic 'Security', Ede.
  Contribution: lecture 'Security op maat' (invited talk).
• 1995: SGG-SEC, SURFnet Users' Group Security meeting, Utrecht.
  Contribution: security lecture (invited talk).
• 1995: HEU, Hacking at the End of the Universe, Flevopolder.
• 1994: SURFnet congres 'Wij geven kennis', Utrecht.
  Contribution: ongoing demonstation of PGP.

Other publications

• A regular column in NetOpus (2007-now).
• Article "Who controls your process network?", published in Maintenance Magazine and reprinted in Solids Processing.
• Article in the series Questafette titled 'More awareness is needed to prevent security-related problems' in Informatiebeveiliging (GvIB) (june 2005)
• A regular column in Business in Facilities (2002-2005).
• 'Webserver-security in the Netherlands'. (2004, in Dutch)
• 'Firewalls - An Introduction' and 'Firewalls - A Cookbook' for the European DESIRE project (1995).
• 'UNIX Password Security' for CERT-NL (1993).

Additional activities

• Founder and head of the Eindhoven departement of the Lockpicking group TOOOL. (2006-now).
• Chairman of the Unix Users Group - the Netherlands (NLUUG) (2002-now).
• Editor of the bimonthly magazine of alumni organisation VIE, and regular author of a technology column in said magazine (1998-2003).
• Editor of the TimeWasters Online Magazine, the first Dutch e-zine, also regular author of articles and administrator of the www.timewasters.nl server (1992-now).
• Implementation of an 'Internet Cafe' for the Eindhoven Computer Association (ECA) (1996).
• Systeem administrator at the Digital City Eindhoven from when it was founded (1994-now).
• Volunteer at Internet Access Eindhoven, one of the first Dutch ISPs (activities included helpdesk work and the development of an 'Internet-kit') (1994-1998).
• Several activities for Student Society GEWIS (Eindhoven University of Technology), like treasurer of the board, organiser of the preliminary of the Dutch Programming Championships, secretary of the computer committee (and hence also system administrator), and participant of the Japan Study Tour (1988-1994).

Technical knowledge

• (Programming)languages: C, sh, Perl, sed, awk, HTML, Z80 assembly, Pascal, Visual Basic, PostScript.
• Operating systems: FreeBSD, OpenBSD, NetBSD, BSD/OS, Linux, SunOS, Solaris, HP-UX, AIX, IRIX, Mac OS (X), OPENstep, CP/M, DOS, Windows 3.x/9x/2000/XP.
• Application: a.o. Apache, Sendmail, Postfix, Bind, IP-filter, cvs, several security applications (tcp wrappers/ssh/snort etc).