Manish Sarkar

Attack Surface Management Expert

€800/day
The Hague, NL
8-15 years

Average response time: 1 hour

About Manish

Having been in cybersecurity for more than a decade as a leader in this space, I have had the benefit of exposure to both the industry and consulting sides of the industry. I began my journey as a penetration tester and in web application security, and later moved on to a leadership role where the emphasis was on constructing security that actually works for the organisation.

Experience in the consulting world, including at Deloitte, has given me the skills to quickly relate to diverse companies, sectors, and risk profiles—and to achieve security outcomes in a complex, dynamic setting. The industry experience that followed has given me the chance to leverage these learnings to build security into the long game, at scale. What I think is the right balance between leaning into the business to understand true priorities and constraints, and leaning out to develop a security strategy that is pragmatic, executable, and risk-informed.

I’ve collaborated with the engineering and product groups to enhance security on various platforms. I’ve kept business in mind in all these endeavours, aiming to enable the business unit rather than hinder it. It has been important for me to build strong relationships and communicate effectively.

As I have gained experience conducting assessments for private and public sector entities to help them address threats, certifications such as Lead Auditor 27001 and Cyber Threat Intelligence from GIAC demonstrate my keenness to learn and stay up to date in a domain that is constantly evolving.
  • English

    Native or bilingual

Can work on-site
The Hague (up to 50km)

Experience

  • IKEA
    Head of Attack Surface Management
    RETAIL (LARGE RETAILERS)
    September 2025 - Today (9 months)
    Delft, Netherlands
    As a cybersecurity leader at IKEA, I drive the strategy and execution of global security posture management to safeguard IKEA’s digital ecosystem across diverse markets and platforms. My focus is on building resilient defenses that align with IKEA’s values of simplicity, togetherness, and responsibility—ensuring security enables innovation, customer trust, and sustainable growth.

    Key areas of impact:

    Global Attack Surface Management – Proactively discovering, monitoring, and reducing exposures across the enterprise.

    Application & Cloud Security Posture – Embedding secure-by-design practices and scaling maturity across development and operations.

    Federated Governance – Establishing collaborative models that empower platform teams while ensuring global consistency and oversight.

    Security Enablement – Partnering with business and technology stakeholders to integrate security into digital transformation and retail innovation.

    Strategic Leadership – Building scalable global security programs that deliver measurable risk reduction and stakeholder trust.

    IKEA’s vision is “to create a better everyday life for the many people”—and in my role, I bring the same vision to cybersecurity: enabling safe, secure, and trusted digital experiences for colleagues, partners, and customers worldwide.
  • Ahold Delhaize
    Cyber Defense Manager
    RETAIL (LARGE RETAILERS)
    January 2021 - August 2025 (4 years and 7 months)
    Zaandam, Netherlands
    Led the Attack Surface Management (ASM) and Vulnerability Management (VM) capability, covering both external and internal attack surfaces across multiple operating companies.

    Built and scaled a centralised ASM program, improving asset visibility and ownership across internet-facing and internal assets.

    Implemented risk-based vulnerability prioritisation, focusing on Critical & High exposures and measurable MTTR reduction.

    Integrated and operationalised tools such as Ionix, Qualys (VM & WAS), ServiceNow SecOps, and supporting data sources (DNS, CMDB).

    Designed and governed the end-to-end vulnerability lifecycle, from discovery and triage to remediation tracking, exception handling, and SLA governance.

    Established cross-functional working groups with platform teams, business units, and infrastructure owners to drive remediation at scale.

    Led stakeholder management across global teams, balancing security risk, business priorities, and operational constraints.

    Drove automation and integration between security tools and ServiceNow to ensure consistent ticketing, ownership mapping, and reporting.

    Defined and reported executive-level metrics and dashboards, enabling leadership visibility into risk posture, SLA breaches, and remediation progress.

    Coordinated with Red Team, Blue Team, and external penetration testers, ensuring findings were tracked and remediated effectively.

    Supported broader Application Security and Cloud Security initiatives, aligning ASM with secure SDLC and platform security efforts.

    Acted as a strategic advisor to leadership on exposure management, risk acceptance, and long-term security posture improvement.
  • Deloitte
    Manager
    January 2017 - January 2021 (4 years)
    Brussels, Belgium
    • Defined and executed a comprehensive roadmap to strengthen the client’s cybersecurity posture
    • Evaluated existing cybersecurity capabilities against NIST SP 800-53 and ISO 27001 standards, performing gap analyses to determine the organization’s current maturity level
    • Partnered with the client to develop and implement a TOM by establishing clear KPIs, defining RACI matrices, and setting up a robust governance structure
    • Devised and implemented a pragmatic security awareness initiative, incorporating innovative methods such as a mini cyber escape room and scenario-based tabletop exercises
    • Managed resource planning, budgets, and client relationships while enhancing both internal and external reputation
    • Provided leadership and coordination in incident response activities, managed relationships with third-party vendors, and served as a critical member of the crisis management team
    • Conducted comprehensive penetration assessments for web applications (including PR companies and Brand Management systems) and thick-client applications
    • Led threat modelling exercises and security architecture reviews to bolster the protection of e-commerce web applications
    • Performed detailed analyses of the client’s Public Key Infrastructure (PKI) to ensure robust cryptographic controls
    • Created Senior Management Report to ensure all compliance is followed while creating security policies and procedures
    • Coordinated/participated in technical training and product updates with business partners
    Cybersecurity, Application Security, Cloud Security posture Management, PenTest, red teaming

Education

  • Master in Software system
    BITS Pilani
    2015
    Master's degree in software system
