g 3 r t
Gert
About

Gert Nelen

22

Years Of Experience In Security

Phone: +32 474 86 19 44

Email: gert.nelen at g3rt.be

Address:
August Van Doorslaerlaan 55
1860 Meise
Belgium

Date of Birth: July 15th, 1979

Download CV

Hello! I'm Gert
Having worked more then 20 years in the domain of network infrastructure and security and more than 10 years working for and with intelligence services, I have a lot of experience to bring to the table.
I have worked in very heterogenous environments with extreme security requirements, built networks compliant with NATO and EU standards, a broad experience in security operations and advised in several breach incidents.
I have hands-on experience on a number of tools and platforms, among which
Palo Alto, Fortinet, Juniper, Suricata, Cisco, WDATP, QRadar, TheHive, Azure, Sentinel, ...
I can work in and with a team and can communicate clearly.

Icon
Featured Works

Expertise

Image

Network Defense

Having defended very complex and highly valued networks for a long time with quite some succes, I have acquired thorough knowledge of complex layer 2 and layer 3 networks and their different levels of defense. I also have hands-on configuration experience on many products (open source, fortinet, palo-alto, juniper, cisco, epicom, suricata, ...), beit firewalls, honeynets, ids, ips, DLP, or sandboxing.
Image

Incident Handling

Responding to a security incident requires a focused analysis and a decisive coördinated response. When impact from a cyberattack is detected we need to investigate the incident and its context, assess correlated impact and contain the threat in the shortest delay possible. Next up are the eradication and recovery phases, returning back to normal. Finally we improve our resilience by studying root cause and potential improvements. An IR team should be prepared for reacting when a cyberattack occurs and know their focus in each phase.
Image

Network and security analysis

Having worked with, connected and secured so many networks, systems and security components - great and small - to all different levels of protection gives me the ability to analyse the current protection, it's configuration and advise on possible investments, reconfigurations, changing your work(er) processes or other improvements to better protect your most valuable assets.
Image

Security Operations

Security operations focuses on correctly handling operational security events and alerts and minimizing the risk from all sorts of cyberthreats. This ranges from incident handling and Investigate & Analyze funtions to Detection Engineering and Threat Hunting. Vulnerability and patch management focuses on reducing the attack surface while Threat intelligence enriches all above capabilities with real life actionable information.
Overview

Training

  • Brucon 2024 A quick, efficient, yet not entirely sane, primer on Cyber Deception
  • Brucon 2024 Advanced Incident Response in the MS Cloud
  • 2023 SANS SEC699: Advanced Purple Teaming - Adversary Emulation & Detection Engineering
  • Brucon 2023 IoT Security Bootcamp
  • 2022 GDAT certification – GIAC Defending Advanced Threats
  • 2022 SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses
  • Brucon 2022 Linux Forensics Inspection and Incident Response at scale
  • 2021 Certified CCSP
  • Brucon 2021 Operational Threat Intelligence
  • 2020 Certified CISSP
  • Brucon 2019 Full Stack Exploitation
  • Brucon 2018, Network Data Exfiltration Techniques-Post Exploitation
  • SANS SEC560 Network Penetration Testing and Ethical Hacking
  • SANS SEC660 Advanced Penetration Testing, Exploit Writing and Ethical Hacking
  • SANS SEC575 Mobile Device Security and Ethical Hacking
  • SANS SEC760 Advanced Exploit Development for Penetration Testers
  • Suricata Intrusion Detection Training
  • SANS SEC511 Continuous Monitoring and Security Operations
  • Ethical Hacking (tailormade) by John Cordier Academy
  • Fortinet Professional by Exclusive Networks
  • Fortinet Specialist by Fortinet
  • Juniper JNCP
  • VMWare ESXi 5.5 configure and install
  • Powershell (Karel de Grote highschool)
  • SANS FOR500 Windows Forensics Analysis
  • SANS FOR508 Advanced Digital Forensics Incident Response and Threat Hunting
  • SANS FOR572 Advanced Network Forensics and Analysis
  • SANS SEC503 Intrusion Detection In-Depth.

I regularly visit security-conventions/seminares (ICCS, ISS world, Black Hat, Brucon, ...) to keep me informed of the latest developments in the field.

Jobs

Experience

2001-2007

Network-and systemadministrator

VLAAMSE GEMEENSCHAPSCOMMISSIE
I got a great start in this challenging environment and started out writing firewalls, hardening unix servers, managing Intrusion Detection Systems and building tunnels for this quickly growing secured network.

2007-2018

Network Security Engineer

VS/SE
A very diverse and complex network with high security requirements and a vast number of secured connections all over the world form a challenging playground. I could acquire experience in both blue and red team operations and succesfully worked with companies and agencies globally to try and make 'cyber' a little 'safer'.

2018-...

ICT Security Specialist

g3rt bvba
I started my own firm knowing I have a specific specialist view because of the variety of interesting cases I have encountered over the years. I think g3rt is the logical next step for me to keep finding those challenges that keep life interesting.

Featured

Projects

SOC, CTI

Threat Management Role, SOC BNPPF

Operationalize Threat Intelligence (CTI) function within existing Security Operations Center
BNPPF had identified in 2018 that adding threat intelligence as a capability within their local SOC would provide additional value to their existing SOC functions of Vulnerability Management, Detection Engineering and Incident Response. Creating processes for absorbing threat intelligence information on both operational, tactical and strategical level and targeting these at relevant stakeholders in an adapted format, quickly proved CTI had a place within BNPPF's SOC.

More info about BNP Paribas Fortis

SOC, IR

Incident Responder (LCSIRT), SOC BNPPF

Organize and Operate the Local department of the bank's Incident Response Team
When a spot opened up in the end of 2018 on the LCSIRT team, I made the jump within BNP Paribas Fortis' SOC to the Local CSIRT. Organizing and handling the day to day incoming security alerts was the core business, obviously feeding back our output to Detection Eningeering and GRC teams.

More info about BNP Paribas Fortis

SOC, IR, Network Security

Incident Responder, Asco (PWC)

Part of the IR team, lead by PWC, my focus was on designing and implementing the Network Security Layer
After a major breach in june 2019 at Asco Industries, the international IR team, lead by PWC, decided to greenfield the entire IT and OT infrastructure of this aeroplane parts manufacturing giant. I was brought in as an external network security specialist, responsible for designing, implementing and documenting the firewall, network architecture and intrusion detection/prevention mechanisms.

More info about Asco Industries

SOC, Management

Operational SOC manager, Colruyt Group

The mission was to mature the existing SOC to Industry Standards and funtion as a team coach
Beginning 2021 I start my assignment to increase Colruyt Group 's existing soc's maturity to above-average performance levels. Design capabilities, processes, work methodologies and ensure personnel understands what is expected and how they can optimally achieve their goals. Work closely with architects and competence center to set out policies and to ensure the wider IT environment is prepared for next level detect and respond capabilities.

More info about Colruyt Group

Quick Links

Contact

© g3rt