Kris Oosthoek

Kris Oosthoek

PhD Candidate Cyber Threat Intelligence

Delft University of Technology

Biography

Kris Oosthoek is CTI lead at a government agency in The Netherlands. He is a part-time PhD candidate with the Cyber Threat Intelligence Lab at Delft University of Technology. His research focuses on the extraction of CTI from host and network artifacts. Kris has worked in various technical positions based from the US, UK and Afghanistan. He holds an MSc from Erasmus University and several commercial cyber security certifications such as CISSP, GICSP, GCTI, GXPN, GRID.

Interests

  • Cyber Security
  • Threat Intelligence
  • Penetration Testing

Education

  • PhD in Cyber Threat Intelligence, current

    Delft University of Technology

  • MSc in Strategic Management, 2012

    Erasmus University Rotterdam

  • BSc in Informatics, 2010

    Rotterdam University of Applied Sciences

Experience

 
 
 
 
 

PhD Candidate

Delft University of Technology

Sep 2018 – Present Delft
Research into cyber threat intelligence from network and host artifacts at the Delft Cyber Threat Intelligence Lab with Christian Doerr.
 
 
 
 
 

Senior SOC Cyber Threat Intelligence Analyst

Dutch National Government

Jan 2015 – Present The Netherlands
Responsibilities include:

  • Threat Intelligence
  • Security Operations
  • TIP Management

Accomplish­ments

GIAC Cyber Threat Intelligence (GCTI)

GIAC May 2018
Cyber Threat Intelligence practitioner certification from SANS. Covers the basics of CTI (fundamentals of strategic, operational, tactical analysis).
See certificate

GIAC Advanced Penetration Testing and Exploit Development (GXPN)

GIAC Aug 2017
Advanced penetration testing and exploiting certification from SANS. Covers cryptography exploitation, escaping restricted environments and advanced stack overflows for Windows and Linux.
See certificate

GIAC Response and Industrial Defense (GRID)

GIAC Jul 2017
Industrial cyber security and threat intelligence certification from SANS. Focuses on forensics, incident response and malware in industrial control environments. Also covers threat analysis for ICS-oriented threats.
See certificate

GIAC Global Industrial Cyber Security Professional (GICSP)

GIAC Jul 2015
Foundational industrial cyber security certification from SANS around architecture of industrial control systems.
See certificate

Certified Information Systems Security Professional

ISC2 May 2015
Managerial certification; bare cyber security fundamentals.

Recent Posts

From Hodl to Heist

How and where do you buy your Bitcoin? Via a P2P marketplace, decentralized exchange, or rather through Coinbase, Binance and the likes? Most people do so via the latter ones. Centralized exchange platforms are compelling to most users as they are easy to use.
Last updated on Mar 31, 2020 3 min read Original Research

ATT&CK Techniques and Trends in Windows Malware

Most cyber security practitioners are by now aware of the Mitre ATT&CK framework and the tremendous potential it holds for increasing the understanding and mitigation of adversary TTPs. Within the Computer Science realm however, the framework has caught less altitude than in the infosec blogosphere.
Last updated on Mar 31, 2020 2 min read Original Research

Recent Publications

From Hodl to Heist: Analysis of Cyber Security Threats to Bitcoin Exchanges

Bitcoin is gaining traction as an alternative store ofvalue. Its market capitalization transcends all other cryptocurrencies in the …
PDF

SoK: ATT&CK Techniques and Trends in Windows Malware

In an ever-changing landscape of adversary tactics, techniques and procedures (TTPs), malware remains the tool of choice for attackers …
PDF Slides Video

Contact

Average response time 12 hours

  • Van Mourikbroekmanweg 6, Delft, 2628 XE
  • DM Me