Profileimage by Dick vanBladel Senior IT Consultant ISO27001 - ISO22301 from Keerbergen

Dick van Bladel

partly available

Last update: 24.03.2024

Senior IT Consultant ISO27001 - ISO22301

Graduation: Certified ISO27001 Lead Implementer - Certified ISO22301 Lead Implementer - Certified ISO31000 Lead Risk Manager - Certified AWS Architect - CISSP - Certified Data Centre Professional
Languages: German (Elementary) | English (Full Professional) | French (Full Professional) | Dutch (Native or Bilingual)

Attachments

CV-DVB-20230902-IT-CONS_151223.pdf

Skills

PROFILE DESCRIPTION
Dick's current focus lies on projects related to Business Continuity, Information Security, IT Risk & Compliance and Datacenter Design and Implementation.
  • Dick is a data center expert with more than 25 years of experience in the IT industry.
  • After his engineering studies, he spent most of his career at IBM and PwC working on infrastructure-related projects in various technical and consulting roles before starting as an independent IT professional.
  • Based on his engineering roots, he was soon attracted by the technical complexity of datacenters combining many trades such as construction, electrical and mechanical engineering, connectivity, security as well as IT, in which he developed vast expertise.
  • Even before the digital age, Dick was fascinated by the link between technology and business, and how an IT environment can significantly influence business success through its flexibility, availability and security (or lack thereof).
  • His years of experience in the design, setup and operating of IT infrastructure, the management of technical projects and his dealings with business stakeholders and project teams make Dick a very versatile IT professional.

KEY STRENGTHS
Apart from his technical expertise, Dick is most appreciated for:
  • Leading technical IT projects
  • Managing stakeholder expectations
  • Connecting with people and building teams
  • Translating business requirements into technical specs
  • Distilling complex situations into concise reports with clear conclusions and actionable recommendations

FORMAL CERTIFICATIONS
  • Certified ISO22301 Lead Implementer
  • Certified ISO27001 Lead Implementer
  • Certified ISO31000 Lead Risk Manager
  • Certified Prince2 Practitioner
  • Certified Information Systems Security Professional (CISSP by (ISC)2)
  • Certified Data Centre Professional (CDCP by EPI)
  • Certified Google Cloud Engineer (by Google)
  • Certified Microsoft Azure Fundamentals (by Microsoft)
  • Certified AWS Cloud Practitioner (by Amazon)
  • Certified AWS Solution Architect Associate (by Amazon)
  • Certified ITIL Foundations V3
  • Certified Enterprise Architect TOGAF 9

CAREER OVERVIEW
  • 07/2020 - today: INTERNATIONAL IT CONSULTING bv (freelance)
  • 04/2017-06/2020: PwC Belgium
  • 01/2017-03/2017: IBM Belgium
  • 01/2012-12/2016: IBM UAE
  • 10/1994-12/2011: IBM Belgium

Project history

12/2023 - Present
See listed CV for more detailed project experience


01/2022 - 12/2023
Developing and implementing a Business Continuity Management System
(Public service, 10-50 employees)

An organisation working for the Dutch Notary Association wanted to become a Trust Service Provider to provide eID services. As part of this ambitious plan they needed to obtain ETSI-certification which required a sound business continuity management system.
Main project activities were (initial scope up to 04/2022):
  • Identification and review of existing documentation and driving a documentation update exercise
  • Capturing key business activities with their criticality and developing formal RTO/RPO
  • Interactions with internal and external stakeholders (management team, IT operations, IT architect, security officer, datacenter provider, network provider, HR) to drill down from the processes into the underlying IT infrastructure layers which was split into a colocation, an IaaS and a PaaS environment
  • Development of BCMS documentation such as Business Continuity Plan, Disaster Recovery Plan, Backup Policy, Backup Plan, Crisis Management Plan, Facilities Policy (as per ISO22301)

Project extended, estimated completion 03/2023:
  • With only a few weeks left before the external ISO27001 audit, the Security Officer was terminated and I was asked to step in as ad interim Security Officer with my first objective to successfully pass the audit (which we did)
  • Continuing in my temporary Security Officer role, I worked on further improving the ISMS, setting the priorities for the coming year, starting with a revamp of their Risk Treatment Plan and the development of a proper security information KPI dashboard
  • Once the new Security Officer was hired, I shifted back to my initial scope which was the implementation of the BCMS I developed earlier, and supporting the organization in their ambition of passing the ETSI stage 2 certification

05/2022 - 06/2022
Definition of an IT Operating Model for Oil & Gas
(Industry and mechanical engineering, 500-1000 employees)

A boutique consulting firm needed expert advice in defining an operating model for a petrochemical company in Oman.

This was a brief engagement where I was brought in to provide IT expertise in the oil & gas industry.


03/2022 - 04/2022
Due diligence for a hyperscale DC operator acquisition
(Banks and financial services, 250-500 employees)

A bank wanted to invest in a local datacenter provider in Europe. I was engaged in a datacenter and cloud expert role by the management consulting firm who was advising the bank with the due diligence analysis.
Main project activities:

  • Nordic cloud & datacenter market competitive analysis

  • Vendor due diligence reports analysis

  • Development of red flag report, providing a concise overview on the provider situation with regards to its infrastructure, staffing, competitive position, business strategy, growth and forecast


12/2021 - 03/2022
Datacenter/Cloud strategy
(Public service, 50-250 employees)

This client needed an answer to their question of where to host and run their 3 environments: in their own datacenters, in a private cloud, in the public cloud (IaaS/PaaS/SaaS) or using a combination of all these.

An interesting aspect was that, due to a recent company merger, their IT consisted of 3 distinct sub-environments, each having its own non-functional requirements. Main project activities:

  • Analysing application portfolio and IT environment and mapping these to the existing datacenter landscape and service delivery models

  • Capturing business requirements and definition of evaluation criteria

  • Identification of possible DC solutions and delivery models and combination into potential scenarios

  • Qualitative evaluation of scenarios

  • Quantitative evaluation of scenarios based on a high level financial analysis

  • Motivation and justification of scenario scoring and evaluation

  • Development of the recommended target datacenter landscape

  • Consolidation into a management report

  • Presentation to management team


01/2021 - 03/2021
Data center study
(Public service)

A governmental agency wanted to evaluate the country as a data center location, compare the position of Iceland against Ireland and understand its specific strengths and weaknesses for attracting future data center investments. To meet client expectations, the content of the deliverable was defined jointly with representatives from the power, telco and data center industries.
The report includes:
  • Global trends and data center market drivers
  • Icelandic data center market today and ambitions going forward
  • Analysis of Ireland as a European data center growth region
  • Comparing data center value propositions
  • Financial benchmark Iceland vs. Ireland
  • Conclusions and actionable recommendations for the government to improve the position of Iceland in the market

07/2020 - 12/2020
Interim IT infrastructure manager
(Industry and mechanical engineering, 500-1000 employees)

The recently appointed IT Director needed urgent help to manage his team and ongoing projects while facing significant challenges:
  • The company had been hit very hard by a ransomware attack which had brought down manufacturing for several weeks. After one full year of rebuilding, the IT team was still struggling to rebuild the complete IT and OT environments with manufacturing spread across 4 countries.
  • The attack happened during an acquisition by another company which was put on hold to allow an external audit ordered by the European Commission to look into competition aspects.
  • The auditor was performing an in-depth investigation into all systems looking for sensitive manufacturing, supplier and client data and required ring-fencing this data before any take-over could take place.
  • Under huge pressure from their internal clients who complained about the strictness of the newly applied security rules making it hardly workable for them to do their daily jobs.
  • Urged to reduce costs of the external consulting company that had been running large portions of the IT for more than a year since the attack. Many responsibilities had to be passed back to the already stressed IT-team.
  • And then, in the midst of this all, the IT director had to lay-off his IT infrastructure manager and his lead architect without any hand-over taking place.
This proved to be more of a people project than a technical project: rebuilding the IT infrastructure team (20 people) was one of my main objectives in order to help the IT director get things back on track. Next to this, I focused on setting the right priorities for the infrastructure to grow into a secure IT and OT environment while keeping the users satisfied.

01/2020 - 03/2020
Development of an IT Service Level Agreement
(Public service)

Project focus:

The ministry was relying on another ministry for the provision of its IT services. Motivated by an initiative of the European Commission to improve the reliability of their IT services, clear agreements were required to manage the relationship between the ministries. A service level agreement had to be developed and agreed on between both parties, describing the service catalogue, both parties’ responsibilities, the service level objectives, the service level targets and the SLA governance approach.

Main tasks performed:
  • Identification of stakeholders and services being provided
  • Organisation of client workshops for information gathering
  • Definition of roles and responsibilities
  • Definition of SLA objectives
  • Definition of SLA measurement and monitoring
  • Development of draft SLA document
  • Organisation of client workshops to find consensus on draft SLA content
  • Iteration and development of final SLA document

06/2019 - 09/2019
Public cloud cost analysis

Facing unexpectedly high monthly cloud infrastructure charges, this client wanted to have an independent review done of their main cloud-based application and its underlying Azure infrastructure.

As the client and his supplier were bound by a multi-year contract, an agreement had to be found to improve the relationship which had become troubled since the costs got out of hand.

Main tasks performed:
  • Understand client (user) position with regards to excessive costs
  • Capture the supplier’s position and assess their arguments justifying excessive costs
  • Review tendering and contractual documents with regards to requirements and infrastructure estimates
  • Gap analysis to identify differences between the initially requested solution and the deployed solution (functional and non-functional requirements)
  • Analyse the deployed Azure infrastructure and services and the corresponding monthly invoices
  • Review application architecture in terms of resource efficiency and future-proofness
  • Development of independent report listing observations with regards to recurrent cost of the deployed solution as well as recommendations for cost optimisation
  • Presentation of report highlights to both client and supplier management teams

04/2019 - 06/2019
Performing a DR maturity assessment
(Energy, water and environment)

Triggered by an IT audit, the board of directors asked to assess the state of the disaster recovery capabilities in the company. Given the criticality of the infrastructure managed by the organization, the recoverability of its ICT environment was of the utmost importance and the client wanted to have an independent review done.

Main tasks performed:
  • Tailor assessment approach and questionnaires to client situation and needs
  • Organise data gathering activities such as workshops, interviews and site visits
  • Assess the maturity of multiple DR aspects such as overall readiness, people, applications, infrastructure and data centers
  • Prepare management report including key findings, recommendations for improvement and feedback towards audit committee

03/2019 - 04/2019
Developing a new end-user device policy
(Public service)

This government entity had to manage 71 different types of end-user devices for its staff. While clearly in need of a more consistent end-user device policy with reduced types and models on one hand, they also wanted to take advantage of the new policy to introduce more flexibility. This would allow the users to spend ‘their’ budget as per their own needs and preferences, and would in turn help the organisation to be more attractive as an employer in the battle for talent. A delicate balancing act was required to increase flexibility while reducing the number of devices.

Main tasks performed:
  • Assess current end-user device policy and inventory
  • Define policy guiding principles based on organisation requirements and ambitions
  • Develop multiple draft alternatives for the policy with varying levels of flexibility based on market best practices
  • Compare alternatives based on their user-friendliness and operational manageability
  • Develop a shortlist of three alternative end-user device policies for presentation to the management team, including indicative device list and budgetary impact

08/2018 - 09/2018
Data center outage analysis and DR review
(Banks and financial services)

This top-3 South-African bank was hit by a major outage in one of its production data centers. The disaster recovery operations didn’t go as smoothly as expected and different stories of what had happened circulated in the bank (by facilities, IT, business).

They hired external consultancy to provide a consolidated view on what happened (root cause analysis), to understand what went wrong during the DR and to define what could be done to avoid this from happening again in the future (recommendations).

Main tasks performed:
  • Understand client’s IT and data center landscape
  • Interview stakeholders (business, IT, Facilities) and capture their view on the incident
  • Data center visit and documentation review
  • Consolidate various internal reports into one consolidated view
  • Participate in review of resiliency and DR documents
  • Provide recommendations for improvement

05/2018 - 08/2018
IT asset inventory and optimisation
(Banks and financial services)

The bank was going through a transformation shifting more responsibilities from the Infrastructure team to the Application teams. They wanted to improve agility as well as reduce infrastructure cost and planned for the Application teams to own and manage their own infrastructure stack.

The client project sponsor was located abroad but insisted that the team be local in order to match the local culture, to help reduce resistance to the upcoming change and to overcome the ‘stickyness’ (sic) of the local organisation.

Main tasks performed:
  • Understand client’s IT organisation and analyse the platform landscape (Windows, Linux, AIX, Solaris and storage)
  • Develop an approach and build a communication plan to engage with the application teams spread across 25 different application areas
  • Initially organize bulk data gathering sessions and gradually switch to a more personalized approach to ensure reaching 100% server ownership of the 6000 identified servers
  • For the different platforms initiate the capturing of resource usage data
  • Provide monthly management status updates

05/2018 - 07/2018
Cloud transition for an investment company
(Banks and financial services)

This established investment holding company wanted to move away from its on-premise IT which no longer met their requirements in terms of availability and recoverability. They needed help to define a new cloud-based target architecture and to find the most suitable partner for the implementation.

Main tasks performed:
  • Define acceptable target cloud solutions meeting requirements in terms of availability, recoverability and security
  • Develop tender documents including technical specifications for the target architecture and evaluation criteria
  • Identify list of companies to be invited to the tender and answer bidder questions
  • Initial bidder proposal review and creation of shortlist
  • Attending shortlisted bidder presentations, in-depth solution evaluation and data center site visit
  • Recommendation for partner selection
  • Prepare documentation and argumentation to help the project sponsor convince stakeholders throughout the company about the security of the selected cloud solution

09/2017 - 03/2018
Data center construction supervision
(Banks and financial services)

This bank in Kuwait lacked in-house data center expertise during the construction of their new main production data center. They needed a trusted advisor to protect their interests throughout the data center detailed design and implementation.

Main tasks performed:
  • Review the contractor proposal for gaps with the bank’s requirements
  • Attend detailed design workshops on layout, electrical, cooling, connectivity and security
  • Review design submittals and provide recommendations for acceptance or rejection
  • Review contractor project planning and monitor progress
  • Advise on adherence to applicable industry standards and best practices
  • Perform construction site visits
  • Facilitate resolution of technical challenges and issues during the construction
  • Review contractor invoicing and advise on the release of payments
  • Protect against scope creep
  • Advise on acceptance during testing and commissioning
  • Provide monthly management status updates

09/2017 - 10/2017
IT security operations audit
(Internet and Information Technology)

This client relied on multiple external data center providers for the housing of their business critical IT infrastructure. To gain insight into the level of security at the providers, the client decided to audit the data centers and, more specifically, to evaluate how the providers managed security during their daily operations. The outcome of the study was also intended to be used as a guideline for a possible future ISO 27001 certification.

Main tasks performed:
  • Analysis of the corporate security policies and procedures
  • Audit of the data centers with regards to physical security, looking at infrastructure as well as operations
  • Workshops with stakeholders such as CISO, Security operations manager, IT operations
  • Identification of risks
  • Evaluation of risk levels using the client’s security risk scales
  • Development of report with findings and recommendations
  • Presentation of results and conclusions

08/2017 - 08/2017
HQ physical security audit
(Banks and financial services)

The world’s leading provider of secure financial messaging services decided to conduct an audit of the physical security processes and controls for selected global locations. The client aimed to provide a safe and secure environment for its production activities by implementing appropriate protection for staff and company assets against internal and external threats to their physical security or integrity.

Main tasks performed:
  • Preparation of security audit controls table
  • Physical security policy and site-specific security requirements document review
  • HQ location site risk assessment (Brussels)
  • Workshops with site security stakeholders
  • Listing of identified issues and risks as part of global report

06/2017 - 07/2017
ISO27001 readiness assessment
(Internet and Information Technology)

This IT service provider wanted to improve its information security management and obtain an ISO27001 certificate for the data center services they are providing to public organisations and communes. We helped them take the first steps by assessing their current situation with regards to ISO27001 compliance, performing a maturity scan of the ISO27002 domains and developing the recommendations and next steps towards the implementation of an ISMS, including ISO27001 certification.

Main tasks performed:
  • ISO27001 audit dry-run to establish the baseline in terms of actual compliance with the standard (requirements are either: not met, partially met, met to a large extent, met)
  • Organising workshops covering the 14 ISO27002 domains
  • Maturity assessment of all domains using CMMI maturity levels
  • Developing assessment report
  • Presenting report highlights to the management team

01/2017 - 03/2017
Data center strategy and design
(Banks and financial services)

The bank needed to rethink its data center landscape now that the company’s main data center no longer meets the requirements of the Central Bank of Kuwait.

Main tasks performed:
  • Organisation of project workshops including:
    • Business and IT strategy
    • IT environment
    • Security policy
    • Building existing infrastructure systems
    • Monitoring and management
  • Data center target location site visit and assessment
  • Development of formal statement of requirements with regards to reliability, capacity, scalability and security
  • Development of new data center concept solution design including architectural, electrical system, cooling, racks, data cabling, security systems and monitoring & management systems
  • Development of technical specifications for tendering
  • DR site evaluation
  • Production of data center strategy report
  • Management presentations
  • Procurement guidance

09/2016 - 12/2016
IT strategy
(Public service)

A governmental holding company in Dubai wanted to create a department acting as shared IT service provider for all its subsidiaries. This required the consolidation of several existing IT environments from different group companies spread across multiple data centers.

Main tasks performed:
  • Data gathering workshops
  • Data center site visits and assessment
  • Development of new data center landscape
  • Definition of new data center requirements
  • Data center provider evaluation

01/2015 - 03/2015
Design of a flexible data center
(Banks and financial services)

The bank wanted to build a new future-proof data center to support its IT department which was growing towards becoming a service provider for different group entities.

Main tasks performed:
  • Validation of the company’s IT strategy
  • Review of new building design documents
  • Alignment of data center scope with general building contractor
  • Data center solution design (architectural, electrical, cooling, racks, datacabling, security, monitoring)

01/2013 - 12/2013
Building a bank’s new main data center and disaster recovery site
(Banks and financial services)

This bank invested in a new main production data center while at the same time implementing a small remote disaster recovery site for its critical applications. The new infrastructure was implemented in less than a year, vastly improving the reliability of the IT systems supporting their 193 branches serving their clients.

Main tasks performed:
  • Detailed solution design for main data center as well as disaster recovery server room
  • Data centers construction (turnkey solution including civil works, electrical, cooling, security, racks, monitoring and cabling)
  • Testing and commissioning

Certifications

ISO27001 Lead Implementer
2023
ISO31000 Lead Risk Manager
2023
ISO22301 Lead Implementer
2021
Prince2 Practitioner
2021
AWS Certified Solutions Architect
2021
EPI Certified Data Centre Professional
2018
CISSP
2017

Local Availability

Open to travel worldwide