Security Architect & Advisor

Remco Vaal

Bridging technical delivery with risk, governance, and regulatory requirements — translating strategy into standards, architectures, and roadmaps.

CISSP CCSP AAISM CCTZ CCSK ISO 27001 LI ArchiMate
25+ years in security · 14+ engagements since 2022 · 14 core skill domains · 20+ certifications held
01

Who I am

Passionate information security professional with a broad and deep technical background, built over decades of hands-on experience across diverse environments and roles. Brings genuine enthusiasm to the field and explains complex security topics in accessible, practical terms — to engineers and board members alike.

A natural integrator who brings together regulatory obligations, privacy principles, industry standards, and business objectives into coherent, complete, and operationally effective security programs — whether shaping a single project or building an organisation-wide InfoSec program.

Actively follows emerging trends and quickly adopts new technologies, applying AI tooling effectively and responsibly to accelerate security work. Equally comfortable in technical deep-dives and strategic conversations — consistently focused on enabling the business rather than blocking it. Known for pragmatic, outcome-focused programs that are not just compliant, but efficient and fit for purpose.

Location: Hellevoetsluis, Netherlands
Available as: Independent consultant / contractor
Languages: Dutch (native) · English (C1 fluent)
02

Core Skills

Ranked by engagement frequency across clients. These reflect where demand has been strongest — not the boundaries of expertise.

Each domain is listed with its scope and the roles in which it was delivered (CISO, TISO, ESA = Enterprise Security Architect, SSA = Security Solution Architect, Advisor).

01 Governance, Policy & Frameworks
   Scope: Control frameworks (ISO, NIST, CIS, ISF), policy lifecycle, control mapping & validation, governance structures
   Roles: CISO, TISO
02 AI Security & Governance
   Scope: AI risk frameworks, EU AI Act alignment, securing AI systems and pipelines, AI threat modeling, responsible AI governance
   Roles: ESA, CISO, Advisor
03 Privacy & Data Protection
   Scope: GDPR compliance programs, privacy-by-design, DPIA, international data governance, integration with security architecture and regulatory frameworks
   Roles: TISO, CISO, ESA
04 Regulatory & Compliance
   Scope: DORA, NIS2, PCI DSS, GDPR: gap analysis, obligation mapping, remediation roadmaps
   Roles: CISO, TISO
05 Zero Trust & Identity
   Scope: Zero Trust strategy, ZTA, IAM/PAM, CASB/MCAS, Conditional Access, identity-first patterns
   Roles: ESA, SSA
06 Supplier / Third-Party Assurance
   Scope: TPRM, supplier clauses, SOC/ISAE/ISO evidence review, assurance findings management
   Roles: TISO, CISO
07 DevSecOps & Secure SDLC
   Scope: Secure SDLC, CI/CD controls (SAST/DAST/SCA), code review governance, pipeline hardening
   Roles: SSA, TISO
08 Security Architecture & Design
   Scope: Target-state architectures, reference patterns, security-by-design, architectural decision records, design reviews
   Roles: ESA, SSA
09 Risk & Decision Support
   Scope: Decision papers, options analysis, risk trade-offs, executive advisory, risk acceptance governance
   Roles: CISO, ESA
10 Network Security & SASE
   Scope: SASE adoption, SD-WAN migration, segmentation, NDR, secure connectivity design
   Roles: ESA, SSA, Advisor
11 SOC / SIEM / Detection
   Scope: SIEM/SOAR build-out, logging standards, use-case lifecycle, MSSP onboarding, Blue Team strategy
   Roles: SSA, ESA
12 Vulnerability Mgmt / CTEM
   Scope: CTEM roadmaps, prioritisation models, remediation workflows, operating models & dashboarding
   Roles: TISO, ESA, SSA
13 Applied AI & Security Tooling
   Scope: Effective and responsible use of AI in security work; AI-assisted analysis, threat modeling, documentation and solution design; evaluating AI tool risk
   Roles: ESA, Advisor, CISO
14 Security Process Design & Optimisation
   Scope: Mapping and improving security processes; troubleshooting complex security issues; designing pragmatic, efficient operating models across security domains
   Roles: All roles
03

Consulting Engagements

Independent consulting — March 2022 to present
04

Technologies & Tools

Technologies, frameworks and tools encountered across engagements — used, evaluated or considered in solution design. Not an exhaustive list; reflects real project exposure.

Identity & Access / Zero Trust
  • Microsoft Entra ID (Conditional Access, PIM, B2B)
  • CyberArk — PAM, vaulting, session recording
  • BeyondTrust PAM / EPM
  • Delinea (Thycotic / Centrify)
  • HashiCorp Vault — secrets & machine identity
  • Zscaler ZPA / ZIA / ZDX — ZTNA & SSE
  • Palo Alto Prisma Access / SASE
  • CATO Networks — single-vendor SASE
  • Aryaka SD-WAN / Managed SASE
  • Microsoft Authenticator / MFA
Detection & Response / SOC
  • Microsoft Sentinel — SIEM / SOAR
  • Splunk Enterprise Security
  • IBM QRadar
  • Elastic SIEM
  • Palo Alto Cortex XSIAM / XSOAR
  • CrowdStrike Falcon — EDR / XDR
  • SentinelOne Singularity — EDR
  • Microsoft Defender XDR / for Endpoint
  • Vectra AI — NDR / AI detection
  • Darktrace — autonomous AI detection
  • ExtraHop Reveal(x) — NDR
  • SecureWorks Taegis / Red Cloak
Vulnerability & Exposure Management
  • Tenable One / Tenable.io / Nessus
  • Qualys VMDR / TruRisk / CAASM
  • XM Cyber — exposure management
  • Palo Alto Cortex Expanse (EASM)
  • Wiz — cloud-native ASM / CSPM
  • Ivanti — patch & lifecycle management
  • Heimdall — CTEM-aligned VM
  • Pentera / AttackIQ / SafeBreach — BAS
  • Microsoft Defender for Endpoint (RBVM)
  • ServiceNow CMDB / Flexera One
Cloud & Application Security
  • Microsoft Defender for Cloud Apps (MCAS/MDCA)
  • Microsoft Purview — DLP / classification
  • Microsoft Azure — hosting, security, IAM
  • Microsoft 365 / Exchange Online / SharePoint
  • Checkmarx — SAST / DAST / SCA
  • CodeQL / GitHub Advanced Security (GHAS)
  • Proofpoint / Mimecast — email security
  • Docker / Kubernetes / AKS — container security
  • Datadog — pipeline monitoring
Network Security
  • Palo Alto NGFW / Panorama
  • Check Point NGFW
  • Fortinet FortiGate / Secure SD-WAN
  • Cisco Firepower / ISE / Meraki
  • Cloudflare One — SSE
  • Netskope — SSE / CASB
  • Microsoft Azure WAN / DNS
  • LEO Satellite (Starlink / OneWeb)
Frameworks & Methodologies
  • ISO 27001 / 27002, NIST CSF 2.0, CIS v8
  • DORA, NIS2 / Cyberbeveiligingswet, GDPR
  • NIST SP 800-53r5 / 800-37r2 (RMF)
  • SABSA, TOGAF, Zachman, ArchiMate
  • MITRE ATT&CK / D3FEND, Cyber Kill Chain
  • TIBER-EU / DORA TLPT
  • IEC 62443 — OT/ICS security
  • OWASP Top 10 / ASVS / Testing Guide
  • ISF Standard of Good Practice (SoGP)
  • SCF — Secure Controls Framework
05

Employment History

11/2021 – 03/2022
KPMG NL
Senior IT Security Advisor
03/2021 – 10/2021
SimplifyNow
Security Architect
07/2020 – 02/2021
Damen Schelde Naval Shipbuilding
Cyber Security Lead
10/2019 – 06/2020
citizenM
Information Security Manager
12/2018 – 09/2019
Quality
Security Architect
12/2012 – 11/2018
HMSHost International
Manager Network & Security
05/2008 – 11/2012
Peopleware ICT Solutions (Icento)
Network & Security Consultant
02/2007 – 04/2008
Novisource – Microsoft Services
Network & Security Specialist
02/1999 – 01/2007
DataBalk / Quality & Results
Junior → Senior Network & Security Specialist / Architect
06

Credentials & Certifications

Certified Information Systems Security Professional (CISSP) — ISC²
No. 77541 · Certified 2005
Certified Cloud Security Professional (CCSP) — ISC²
No. 77541 · Certified 2023
Advanced in AI Security Management (AAISM) — ISACA
Certified 2026
CSA Certificate of Competence in Zero Trust (CCTZ)
Certified 2026
CSA Certificate of Cloud Security Knowledge (CCSK)
Certified 2026
Zero Trust Strategy Certificate — ISC²
In progress
ISO 27001 Lead Implementer
November 2024
ArchiMate Foundation & Practitioner
Certified 2022–2023
DevSecOps Professional — CI/CD Security
Certified 2023
SABSA Chartered Foundation (SCF)
Certified June 2019
CCNP Security — Cisco
Certified 2010 (expired 2022)
PCI DSS Internal Security Assessor (ISA)
No. 802-090 · Certified 2013
PCI Professional (PCIP)
Code 1002-797 · Certified 2013
eCPPT — Certified Penetration Tester
Certified 2011
NIST Cybersecurity Framework
Certified March 2022
PRINCE2 Foundation
Certified 2007
07

Domain Coverage

Governance & Resilience
  • GRC & Control Frameworks
  • Security Architecture & Engineering
  • Vulnerability Management
  • Business Continuity & Resilience
  • Third-Party / Supply Chain Security
Solution Design & Implementation
  • Identity & Access Management
  • SecOps / SOC
  • Application Security
  • Cloud Security
  • Network Security
  • Endpoint & Workplace Security
  • Data Security & Privacy
  • AI Security
  • DevSecOps & Platform Security
  • OT/ICS & IoT Security
Coordination & Assurance
  • Cryptography & Key Management
  • Threat Intelligence & Modeling
  • Security Testing & Assurance
  • Physical Security
  • Security Awareness & Human Factors
  • Fraud & Digital Risk
08

Education & Languages

Education
1999
HBO — Hogere Informatica, cum laude
Hogeschool 's-Hertogenbosch — HTS, specialisation Telematica
1995
MTS — Process Automation
Crabeth College, Gouda
1991
MAVO
Malsna-MAVO, Geldermalsen
Languages
Dutch: mother tongue
English: C1 — fluent spoken & written
09

Professional Memberships

Industry Bodies
  • ISC² — International group & Dutch chapter
  • ISACA — International group & Dutch chapter
  • The Open Group — Open, vendor-neutral technology standards
  • SABSA — Enterprise Security Architecture
  • IAPP — International Association of Privacy Professionals
CSA — Cloud Security Alliance
  • International group & Dutch chapter
  • Working group: Zero Trust
  • Working group: Cloud Controls Matrix
  • Working group: Identity & Access Management
  • Working group: Security Control Catalog
Advisory Board
  • Aryaka Technical Advisory Board — SD-WAN & SASE
10

Get in touch

Available for security architecture and advisory engagements — enterprise, regulated environments, and complex transformation programs.

Current availability
Open to new engagements. Currently active at KPN and Geldmaat. Contact to discuss scope, timing, and fit.