05/13/2026 updated

**** ******** ****
100 % available

Cybersecurity Expert | Penetration Tester | GRC & Information Security Specialist

New Zealand
Worldwide
Informatics Specialization: Forensic IT (2018-2022)
New Zealand
Worldwide
Informatics Specialization: Forensic IT (2018-2022)

Profile attachments

R.A.A.G. Mataheru Curriculum Vitae English Extended.pdf

ISO 27001ServiceNow Security OperationsActive DirectoryApplication Programming Interfaces (APIs)Penetration TestingCompTIA Advanced Security PractitionerCisco Certified Internetwork Expert Security (CCIE Security)Certified Information Security ManagerCloud Computing SecurityCloud TestingProfilingComplianceCompTIA Security+Computer SecurityData SecurityGIAC Certified Intrusion AnalystGlobal Information Assurance CertificationGIAC Security Essentials CertificationGIAC Security Leadership CertificationReverse Engineering Malware CertificationInformation AssuranceInformation Security ManagementIntelligence AnalysisInternet Protocol Security (IP SEC)Internet SecurityInformation Systems Security Engineering ProfessionalJuniper Networks Certified Internet ExpertNetwork SecurityVulnerability ScanningRole-Based Access ControlAzure Active DirectoryPenetration ToolsPhishingRed Team (Cyber Security)SAP GRCInformation Technology Security AuditingSecurity Support Provider InterfaceUser Provisioning SoftwareVulnerability ManagementWs-SecuritySoftware SecurityQRadarCyber Threat AnalysisAzure Security CenterInsight Segmentation and Registration ToolkitCompTIA Security Analytics Professional (CSAP)MetasploitCybercrimeSentryIT Security SolutionsTesting (Hardware)Microsoft SentinelWindows SecuritySplunkgRPCServicenowStatic Application Security TestingDynamic Application Security Testing
Offensive Security & Penetration Testing
Extensive experience conducting internal and external penetration tests across web applications, networks, APIs, and infrastructure. Hands-on use of tools such as Burp Suite, Metasploit, Cobalt Strike, BloodHound, Nmap, and Bettercap. Execution of red team engagements simulating APTs across full attack chains, including social engineering, phishing campaigns, physical intrusion, and badge cloning.

GRC & Information Security Compliance
Implementation and maintenance of ISMS in accordance with ISO 27001 and ISO 27002. Development of policies and procedures aligned with BIO, NEN 7510, and NIS2 requirements. Management of full lifecycle security risk assessments, GRC tooling (Archer, ServiceNow GRC), vendor risk assessments, and audit readiness for SOC2 Type II.

SOC Operations & Threat Intelligence
Leadership of SOC operations with 24/7 monitoring and incident response capabilities. Deep expertise in SIEM platforms including Microsoft Sentinel, Splunk, QRadar, and Elastic Stack. Application of MITRE ATT&CK framework for threat hunting, detection engineering, and incident classification. Cyber threat intelligence profiling, APT campaign analysis, and threat intelligence platform management using MISP, ThreatConnect, and Anomali.

Threat Modeling
Application of structured methodologies including STRIDE, PASTA, and OCTAVE for systematic threat identification and risk prioritization. Development of threat models for enterprise applications, cloud-hybrid environments, and critical infrastructure. Facilitation of collaborative threat modeling workshops and mapping of identified threats to MITRE ATT&CK framework.

Cloud Security (AWS & Azure)
Alignment of AWS security controls with ISO 27001 and GDPR requirements. Conducting risk assessments and incident response within AWS environments. Familiarity with Azure security ecosystem, Azure Active Directory, and application of role-based access control (RBAC) to enforce least privilege.

Identity & Access Management (IAM)
Deep expertise in IAM frameworks and best practices. Definition and enforcement of least privilege access policies, implementation of multi-factor authentication (MFA), management of role-based access controls (RBAC) on-premises and in cloud environments, and oversight of secure user provisioning, access reviews, and audit logging.

Business Continuity Management (BCM) & NIS2 Strategy
Building of BCM frameworks and establishing NIS2 strategy for organizations. Contribution to risk assessments, BCM planning, and incident response simulations in alignment with public-sector compliance standards.

Stakeholder & Supplier Management
Coordination of communication and agreements with suppliers on security requirements. Advising project teams and stakeholders on required security measures and risks. Reporting to management on progress and results of security initiatives.

Languages

EnglishFluentDutchNative speaker

Project history

Co-founder & Owner

NorthNet
Supporting organizations where technology and strategy intersect. Conducting 1-on-1 sessions to unearth risks and set real-world steps towards digital resilience. Building BCM frameworks, establishing NIS2 strategy, technical deployment, red teaming, executive counsel, and code review. Independent consulting, technical guidance, and out-of-the-box solutions.

Stream Lead Cybersecurity / Project Lead Cybersecurity

ASML
Worked at ASML through consultancy, guiding project teams and stakeholders. Responsible for coordinating penetration tests, part of the IRB assessment committee, reshaping the GRC framework and validating all requirements. Stakeholder and supplier management, security control on implementation of changes in the project phase, and reporting results to management. Conducted threat landscape analysis specific to semiconductor industry threats, planned and supervised penetration tests, expanded GRC tool implementation, and supervised projects for internal and external security requirements.

Managing Partner

SALT/SPICE Cybersecurity
Responsible for daily management and strategic growth of the red team. Wrote the business plan, involved in growth strategy and new services. Guided a team of ethical hackers. Performed internal and external penetration tests, phishing campaigns, Mystery Guest assessments, and physical security assessments. Ensured implementation of security measures, kept information policy up to date, and facilitated security checks at suppliers. Reported to management and was actively involved in research and development.

Contractor

Europol
Specifics are classified. Experience added to technical skills.

Consultant IT Security (Pentester, Head of Phishing)

LBVD Consultancy B.V.
Executed external and internal penetration tests (open ports, OSINT, known vulnerabilities, OS and out-of-the-box applications, privilege check, guest network, password policy). Responsible for phishing campaigns (intake, create, execute, report). Executed Mystery Guest assessments (planning, interacting with employees, badge cloning, assessing clean desk/clear screen policy compliance, documenting and presenting findings). Research and Development.

Pentester

REQON Security
Executed external and internal penetration tests (open ports, OSINT, known vulnerabilities in internet-facing applications, OS and out-of-the-box applications, privilege check, guest network, password policy). Research and Development. Reporting and setting up report templates. Creating the in-house template.

Pentester

Informatiebeveiliging Nederland
Executed external and internal penetration tests (open ports, OSINT, known vulnerabilities in internet-facing applications, OS and out-of-the-box applications, privilege check, guest network, password policy). Executed Red Team assessments (phishing, host exploitation, privilege escalation). Giving hacking demonstrations. Research and Development.

Security Analyst

Dearbytes
Analyzing network traffic, analyzing threat landscape, and setting up Use Cases.

Contact form

Log in to get in touch

You need to be logged in to use the contact form.

Sign upLog in