Pascal De Koning Email & Phone Number

Groningen, Netherlands

Amsterdam Area, Netherlands

Cyber security strategy - development and implementation.

Information security strategy development and implementation. This includes IT risk assessments, vendor assessments, development of application security policy, security awareness project, etc.

Creating a risk-driven design for security monitoring. Conducting Business Impact Assessment (BIA), threat assessment and IT risk assessment. Elaborating a security strategy for the role of security monitoring in the total package of security measures. Functional definition of Events of Interest (use cases) to prepare and guide the technical implementation.

Setting up a security architecture for the IT-services of the dutch tax authority.

The SOC of the Dutch Tax Office is ahead of the troops in the Dutch government. To gain insight in further growth and professionalization, and the need for investments, I did an analysis on the functional service delivery, a drill-down in building blocks and costs, created a road map for the functional portfolio and a plan for delivering the functions.

The aim of the Security Services Catalogue project is realize the community-driven development of a security service catalogue, so that it can be consumed by enterprise (security) architects. The project is established as a joint initiative of The SABSA Institute and The Open Group Security Forum. It is supported by OSA (OpenSecurityArchitecture).

Leading, discussing, structuring and writing the TOGAF Security Guide, which provides a conceptual foundation for Security and Risk Management in TOGAF.

Developing an approach for securing the exchange of information between Air Traffic Control, KLM and Schiphol Airport. Information analysis, Business Impact Assessment (BIA), deduction of security requirements. Facilitating a risk assessment, assessing existing measures and creating an improvement plan.

Creation of a security architecture for Rabobank International. Assessment of controls present in 8 information systems, selection of preferred security measure and advising on changes in the measures. Goal was to end up with a more uniform operational environment where security controls complement each other in a logical and consistent way. The SABSA.

Quartermaster for the development of a Security Testing Center (part of Security Operations Center). Goal was to conduct technical security scans on the internet-facing part of the infrastructure of KPN. This included domain inventory (> 1000 web sites), discovery scans, automated vulnerability assessments and penetration tests.

Analysis of business drivers and deduced security objectives for Wageningen UR. Definition of a roadmap for improvements in information security with senior management approval.

Bring together TOGAF architects and SABSA security architects to integrate both frameworks. Coordination of the working group. Define goals. Propose concepts.

Setting up and filling in a security architecture for the PKI services at the highest security level within the Netherlands. Analysis of security requirements, definition of security services, gap analysis on existing security services, definition of roadmap for improvement of security. Keeping the head cool during the Diginotar hack crisis.

• Penetration testing (ethical hacking)
• Application security assessments
• Security awareness presentations
• IT-Risk assessments