Kris Oosthoek

Kris Oosthoek

Cyber Security Professional and PhD Candidate


Kris Oosthoek is CTI lead at a government agency in The Netherlands. He is a part-time PhD candidate with the Cyber Threat Intelligence Lab at Delft University of Technology. His research focuses on the extraction of CTI from host and network artifacts. Kris has worked in various technical positions based from the US, UK and Afghanistan. He holds an MSc from Erasmus University and several commercial cyber security certifications such as CISSP, GICSP, GCTI, GXPN, GRID.

  • Cyber Threat Intelligence
  • Malware Analysis
  • Cyber Security
  • Bitcoin
  • PhD in Computer Science, current

    Delft University of Technology

  • MSc in Strategic Management, 2012

    Erasmus University Rotterdam

  • BSc in Informatics, 2010

    Rotterdam University of Applied Sciences


Senior Cyber Security Specialist
Jan 2015 – Present The Netherlands

Responsibilities include:

  • Security Operations and Response
  • Malware and Binary Analysis
  • TIP Technical Management
  • Cyber Threat Intelligence
PhD Candidate
Sep 2018 – Present Delft, The Netherlands
Research into malware evolution, DDoS attacks and blockchain analysis, with delivering useful CTI as a common denominator.


GIAC Cyber Threat Intelligence (GCTI)
Cyber Threat Intelligence practitioner certification from SANS. Covers the basics of CTI (fundamentals of strategic, operational, tactical analysis).
See certificate
GIAC Advanced Penetration Testing and Exploit Development (GXPN)
Advanced penetration testing and exploiting certification from SANS. Covers cryptography exploitation, escaping restricted environments and advanced stack overflows for Windows and Linux.
See certificate
GIAC Response and Industrial Defense (GRID)
Industrial cyber security and threat intelligence certification from SANS. Focuses on forensics, incident response and malware in industrial control environments. Also covers threat analysis for ICS-oriented threats.
See certificate
GIAC Global Industrial Cyber Security Professional (GICSP)
Foundational industrial cyber security certification from SANS around architecture of industrial control systems.
See certificate
Certified Information Systems Security Professional (CISSP)
Managerial certification of bare cyber security fundamentals.
See certificate

Recent Posts

Recent Publications

Quickly discover relevant content by filtering publications.
(2021). Flash Crash for Cash. arXiv.

(2021). Cyber Threat Intelligence: A Product Without A Process?. International Journal of Intelligence and CounterIntelligence.


(2021). From Hodl to Heist. ICBC 2020.


(2021). SoK: ATT&CK Techniques and Trends in Windows Malware. SecureComm 2019.



Average response time 12 hours