Kris Oosthoek

Kris Oosthoek

PhD Candidate Cyber Threat Intelligence

Delft University of Technology

Biography

Kris Oosthoek is CTI lead at a government agency in The Netherlands. He is a part-time PhD candidate with the Cyber Threat Intelligence Lab at Delft University of Technology. His research focuses on the extraction of CTI from host and network artifacts. Kris has worked in various technical positions based from the US, UK and Afghanistan. He holds an MSc from Erasmus University and several commercial cyber security certifications such as CISSP, GICSP, GCTI, GXPN, GRID.

Interests

  • Cyber Security
  • Threat Intelligence
  • Penetration Testing

Education

  • PhD in Cyber Threat Intelligence, current

    Delft University of Technology

  • MSc in Strategic Management, 2012

    Erasmus University Rotterdam

  • BSc in Informatics, 2010

    Rotterdam University of Applied Sciences

Experience

 
 
 
 
 

PhD Candidate

Delft University of Technology

Sep 2018 – Present Delft
Research into cyber threat intelligence from network and host artifacts at the Delft Cyber Threat Intelligence Lab with Christian Doerr.
 
 
 
 
 

Senior SOC Cyber Threat Intelligence Analyst

Dutch National Government

Jan 2015 – Present The Netherlands
Responsibilities include:

  • Threat Intelligence
  • Security Operations
  • TIP Management

Accomplish­ments

GIAC Cyber Threat Intelligence (GCTI)

GIAC May 2018
Cyber Threat Intelligence practitioner certification from SANS. Covers the basics of CTI (fundamentals of strategic, operational, tactical analysis).
See certificate

GIAC Advanced Penetration Testing and Exploit Development (GXPN)

GIAC Aug 2017
Advanced penetration testing and exploiting certification from SANS. Covers cryptography exploitation, escaping restricted environments and advanced stack overflows for Windows and Linux.
See certificate

GIAC Response and Industrial Defense (GRID)

GIAC Jul 2017
Industrial cyber security and threat intelligence certification from SANS. Focuses on forensics, incident response and malware in industrial control environments. Also covers threat analysis for ICS-oriented threats.
See certificate

GIAC Global Industrial Cyber Security Professional (GICSP)

GIAC Jul 2015
Foundational industrial cyber security certification from SANS around architecture of industrial control systems.
See certificate

Certified Information Systems Security Professional

ISC2 May 2015
Managerial certification; bare cyber security fundamentals.

Recent Posts

What's wrong with Cyber Threat Intelligence

Over the last decade the field of Cyber Threat Intelligence (CTI) has emerged, which aims to preempt cyber threats by combining aspects from Computer Science and the Intelligence field. Something like Risk Management, but less dusty, practical, operational and able to deal with a highly dynamic environment.
Last updated on Jul 15, 2020 5 min read Original Research

Security Recommendations for Bitcoin hodlers

As follow-up on my Cryptocast appearance, some security recommendations for Bitcoin hodlers that don’t break the bank (your own bank).
Last updated on Apr 8, 2020 7 min read Blog

BNR Cryptocast

Cryptocasters! Het valt voor @Misssbitcoin en @hmblank @BNR niet altijd mee een podcast te maken vanuit huis, met gasten op afstand. Maar toch weer mooi als het lukt. Met @f00th0ld, die onderzoek deed @tudelft naar gehackte #exchanges.
Last updated on Apr 3, 2020 1 min read Media

From Hodl to Heist

How and where do you buy your Bitcoin? Via a P2P marketplace, decentralized exchange, or rather through Coinbase, Binance and the likes? Most people do so via the latter ones. Centralized exchange platforms are compelling to most users as they are easy to use.
Last updated on Mar 31, 2020 3 min read Original Research

ATT&CK Techniques and Trends in Windows Malware

Most cyber security practitioners are by now aware of the Mitre ATT&CK framework and the tremendous potential it holds for increasing the understanding and mitigation of adversary TTPs. Within the Computer Science realm however, the framework has caught less altitude than in the infosec blogosphere.
Last updated on Apr 1, 2020 2 min read Original Research

Recent Publications

Cyber Threat Intelligence: A Product Without A Process?

Abstract not available as the journal does not use it. Read the full article here and the accompanying blog post here.
DOI

From Hodl to Heist: Analysis of Cyber Security Threats to Bitcoin Exchanges

Bitcoin is gaining traction as an alternative store ofvalue. Its market capitalization transcends all other cryptocurrencies in the …
PDF

SoK: ATT&CK Techniques and Trends in Windows Malware

In an ever-changing landscape of adversary tactics, techniques and procedures (TTPs), malware remains the tool of choice for attackers …
PDF Slides Video

Contact

Average response time 12 hours

  • Van Mourikbroekmanweg 6, Delft, 2628 XE
  • DM Me