✅ Thomas Lionel Smets

Cybersecurity consultant

La Hulpe, Walloon Region, Belgium

About

_ 3 year as employee in an IT dept of DEXIA-Bank (it started as Gemeente Krediet / Crédit Communal ... known internal as GKB-CCB). _ 7 years as a IT-consultant (always in Java). Companies : Sydney-Tristar DC, B&V Consultants, Altran,... _ then, for 4 years as Configuration & Release manager for eHR & then for the integration of TAXIPOST into the Parcels workflow of BPost _ After a 6 month break, back at Bpost for 2 years as Senior PM (10-20 people with some near-shores) _ Back in the technical world, with some Java (and too little Python) development ... on Mac, Linux & Windows. I provide an Identity Federation Portal project + Mock Trusted Identity providers & mock shops to use the IDP. _ 5 years in a major bank : Technical release coordination of the unified payment component, coordination of external pentests, ... _ After a 3 years break working part-time in a Cooperative & a Scale up, I am back in the banking sector doing GRC on the Risk management process. Certifications : ISO-27.001 LI (PECB trainer), CISSP (trainer for several companies), ISO-27.034 LI, ... Latest certifications : DevOps , DevSecOps, SRE, (DevOps institute trainer).

Experience

  • Senior Consultant for Secure Development at undisclosed
    Apr 2014 - Present · 12 yrs 4 mos

    Member of the team in charge of monitoring the Quality & Security of applications developed (internally) : • Technical coordination for all the Web Applications Vulnerability Assessments’ on software developed internally (Web application & Mobile android, iOS, WinMobile). • From managing the planning & scopes with the Security Coordinators to coordinating improvement process but also the day to day operational follow up of the Pen tests. • In close collaboration with Global Security, set up practical way to meet all the Security the requirements, while not being a blocking factor. • Ensure the Company’s policies & the best benchmarks are used throughout the process. • Manage the rules used by different tools under our control (sonar, CAST, Fortify) • Second or third line support for some investigation (Splunk or fraud, …). Tools : Fortify, Sonar, Jenkins, SVN, CAST, Archer, Xpolog, Splunk, Nexus, Cast, Sonar, Fortify, Quality Center.

  • CISSP trainer for CertYou at CERTyou, Spécialiste européen de la formation professionnelle certifiante.
    2017 - Present · 9 yrs 7 mos

  • CISSP - ISO-27.xxx Trainer at International Training Network
    Jul 2019 - Present · 7 yrs 1 mo

  • CISSP / ISO-27.001 Trainer at EGILIA
    2011 - Jul 2018 · 7 yrs 7 mos

    Several times each year I give a CISSP training to mid / senior management in Security related division.

  • Application Lead (SPM) at Bpost
    Oct 2010 - Sep 2012 · 2 yrs

    Managing the day-to-day (small upgrades up to 200 md & incidents) of 25 applications (5-7 really heavily active), my role is to allow the team to focus on its main objective : Deliver good service to the internal Customer so they can focus on their work This includes : --> Allow Projects to smoothly impact applications --> Keep a long term focus on the application quality, maintainability, ... ease of use ... --> Pro-actively ensure the applications are continuously upgraded to the latest relevant library / plateform (JVM, App Server) / Monitoring / ... (in collaboration with the Architecture team) --> Ensuring the Incidents are all solved within their respective SLA's Monthly review meetings) --> Ensure clear communication is made with the business of what is going to be delivered, when, base on available staff, Businesses priorities, ... --> Ensuring the external applications/packages are patched / upgraded / monitored ... according to the internal standarts --> Occasionally triggering actions (security, monitoring, library, ... deployment architecture) to ensure that the best approach is maintained / used My previous role of developer & Release Coordinator allowed me to grasp quickly the importance of some details or propose to projects to allow the app to evolve to a next version before trying to implement this or that feature (to avoid developing code that solves issues that would not stand if the version n+1 was to be used).