Curriculum Vitae (EN)

Clicking Print in your browser renders a printable CV without the headers and menus.

Personal Details

Koen Van Impe

Koen Van Impe

Koude Keukenstraat 34, 8200 Brugge, Belgium
+32 476 98 12 10
koen . vanimpe @ cudeso . be

SIM3 auditor

born in Antwerp, Belgium on February 14th, 1974


to work in a motivating environment with room for innovation and research


Professional Bachelor ICT

from 1997 to 2000, graduate informatics
C.V.O., Materiaalstraat 67, 1070 Anderlecht

thesis : Petrarca, a knowledge database (written in Visual Foxpro 6)


from 1992 to 1994, Bachelor Applied Computer Sciences (studies stopped because of family reasons)
Vrije Universiteit Brussel

High School

from 1986 to 1992
Sint-Niklaasinstituut, Bergensesteenweg, 1070 Anderlecht

Trainings and conferences

Computer security

TF-CSIRT / FIRST conferences since 2004
GRID GIAC Response and Industrial Defense since July 2021
SIM3 – CSIRT Maturity Model by OpenCSIRT, September 2019
GCTI GIAC Cyber Threat Intelligence since June 2018
GREM GIAC Reverse Engineering Malware since January 2018
GWEB GIAC Certified Web Application Defender since August 2014
GPEN GIAC Penetration Tester since September 2013
GWAPT GIAC Web Application Penetration Tester since September 2012
Sans ICS515, ICS Active Defense and Incident Response (Sans Institute – Online April 2021)
Sans FOR610, Reverse-Engineering Malware (Sans Institute – Copenhagen October 2017)
Sans FOR578, Cyber Threat Intelligence (Sans Institute – Prague October 2015)
Sans DEV522, Defending Web Applications Security Essentials (Sans Institute – Orlando April 2014)
Sans SEC560, Network Penetration Testing and Ethical Hacking (Sans Institute – Amsterdam April 2013)
Sans SEC542, Web App Penetration Testing and Ethical Hacking (Sans Institute – Amsterdam May 2012)
Sans SEC503, Intrusion Detection In-Depth (Sans Institute – Amsterdam November 2005)
Computer Security Incident Handling (Terena – Paris Februari 2005)
Sans SEC504, Hacker Techniques, Exploits and Incident Handling (Sans Institute – Amsterdam September 2004)
Checkpoint NG (Ubizen – (IWT internal training 17 and 18 November 2003)

Software development

UML (2002), JavaScript (2001), Java (2001), MS-1013 – VB 6.0 development (2000), MS-1303 – VB 6.0 fundamentals (2000)

System- and network administration

TCP/IP and firewalls (2006, 2001), Microsoft Internet Information Server 4.0 (2001), Microsoft Windows 2000 Server (2000), Microsoft SQL-Server 7.0 (2000), Microsoft NT-server 4.0 (1999)


Dutch : native language
French : fluent
English : fluent
German : basic understanding

Professional Records

Freelance Security – CSIRT / Threat Intelligence

from April 2000 until present –
Freelancer security services related to CSIRT and Threat Intelligence work. This includes incident response, incident coordination, threat intelligence, vulnerability management and security best practices.

Incident Response & Threat Intelligence

from June 2019 until present

ICT Security Consultant

from September 2016 until present

Security Consultant- Incident Response

from December 2017 until September 2019

Threat Management Security Consultant

from September 2016 until end of December 2016
Belfius Bank

Security Analyst

from July 1st 2004 until June 30th 2016
Belnet-CERT /, Louizalaan 231, 1050 Brussel
Belnet is the Belgian national research network that provides high-bandwidth Internet connection to Belgian universities, colleges, schools, research centers and government departments. is the national Computer Emergency Response Team for Belgium.

I worked for Belnet as a Security Analyst for the national Computer Emergency Response Team ( and the CERT for the Belnet network (Belnet-CERT). I did incident response, triage, security awareness, threat monitoring, threat intelligence and vulnerability assessments. I was involved with network forensics, log analysis and provided recommendations and best practices for improving the security of the Belgian constituency. I developed scripts in PHP/Mysql and Python for the improvement of the and Belnet-CERT processes. I managed security projects at

Developer / Security contact / System Engineer

from April 1st 2000 until June 30th 2004
IWT-Vlaanderen, Bischoffsheimlaan 25, 1000 Brussel
The “Instituut voor Innovatie door Wetenschap en Technologie (IWT)” is a government agency founded in 1991 by the Flemish Government and supports projects for technological innovation in Flanders.
As a member of a team, I was responsible for the management of servers in a mixed Windows / Linux environment with different end user services. Additionally we managed and supported the local network with approx. 120 workstations. My primary responsibilities consisted of the management of the different internet services (webserver, firewall, proxy, dns) and the computer security.
I also developed web applications in ASP and acted as a backup for user-support.

System and User support / Developer

from July 1st 1998 until end of March 2000

TML BVBA, Bosstraat 103, 1742 Sint-Katharina-Lombeek (Ternat)
TML is a company that develops accountancy software (written in Foxpro) and that provides computer infrastructure for small and medium sized companies.
I was responsible for the user support and the installation of (mainly Windows) systems. Occasionally I developed small customer utilities in Foxpro.



CSIRT management and development
CSIRT maturity measurement and improvement
Incident response and incident coordination
Best practices, incident response and security monitoring in industrial environments
Designing and developing incident response plans, playbooks and automation scripts
Guidance on CSIRT and law enforcement cooperation
Digital forensics. Forensic investigations. Forensic investigation guidance
Build threat intelligence programs and best practices for dealing with threat intelligence
Develop guidelines for threat landscape monitoring
Assist in the collection, processing and analysis of threat intelligence
Design connected and distributed MISP architectures
Integration of MISP with prevention, detection, analysis and response platforms
Development of MISP enrichment modules and workflow automation processes with PyMISP
MISP threat feed integrations
Hands-on MISP training for threat intelligence analysts and system administrators
Vulnerability management and vulnerability scanning
Securing networks, services and applications



Contributor to IBM Security Intelligence, Ipswitch and MISP project

Various blog posts on security topics


Liaison member with FIRST, the Forum of Incident Response and Security Teams.

SIM3 Auditor, CSIRT Security IncidentManagement Maturity Model.

Open Source projects

Contributed to open source projects via (PyMISP, MISP modules, Spiderfoot, …) and maintainer of OSINT feed, integrated in MISP.


Literature (primarily science fiction), music, movies, travelling and modern art
Testing and evaluating new operating systems, security tools and software

Drivers licence