Hello I'm

Senior Consultant - Cyber Security

Download CV Let's Talk
Diego Borghgraef
Get To Know

About Me

Experience
3+ Years in Cybersecurity
Primary Focus
Defensive Security & Cloud
Certifications
SC-200, AZ-900, CCNA
Education
Bachelor InfoSec - Thomas More
Specializations
6 Security Domains
Sectors
Government, Pharma, Transport

Cybersecurity Consultant with 3+ years hands-on experience in defensive security, cloud infrastructure protection, and offensive security testing.

I spend most of my time securing cloud environments, hunting threats, and breaking into systems to find vulnerabilities before attackers do. Whether it's hardening Azure deployments, responding to incidents on the 24/7 hotline, or running penetration tests, I focus on practical security that actually works. I've worked across government, transport, pharma, and critical infrastructure—dealing with everything from ransomware incidents to OT security assessments.

Contact Me
What I Can Do

Competencies

Skills

ISMS Implementation & Audit

OT Security Assessments

Attack Surface Monitoring & Digital Footprinting

Cloud Security & Kubernetes Assessments

SIEM/SOC Implementation & 24/7 Incident Response

Penetration Testing & Purple Teaming

Soft Skills & Sector Knowledge

Highly adaptable

Problem-solving mindset

Independent working

Team player

Quality oriented

Qualifications

Certifications & Languages

Certifications

  • SC-200
  • AZ-900
  • CCNA

Languages

  • Dutch
  • French
  • English
My Work

Skills & Expertise

Governance

3 years

ISMS audit and implementation expertise across governmental and transport sectors, specializing in ISO standards and NIS2 compliance.

  • ISMS Implementation - Full lifecycle implementation of Information Security Management Systems
  • ISMS Audit - Comprehensive security audits and compliance assessments
  • ISO Audits - ISO 27001/27002 certification support and gap analysis
  • NIS2 (Cyfun) Audits - Network and Information Security directive compliance
  • Risk Management - Risk assessments, treatment plans, and mitigation strategies

Sectors: Government, Transport

OT Security

3 years

Operational Technology security assessments and asset inventorization for critical infrastructure in pharma and food industries.

  • OT Assessment - Security posture evaluation of industrial control systems
  • OT Asset Inventorization - Complete asset discovery and documentation
  • Vulnerability Scanning - Safe scanning methodologies for OT environments
  • Acquisition Support - OT security due diligence for mergers and acquisitions

Sectors: Pharma, Food Industry, M&A Due Diligence

Digital Footprinting

2 years

Developed proprietary Attack Surface Monitoring tool providing comprehensive automated reconnaissance and threat intelligence reporting.

  • Attack Surface Monitoring - Continuous external exposure detection and tracking
  • Custom Tool Development - Built internal ASM platform with domain analysis, breach intelligence, metadata extraction, port scanning, and technology stack review
  • Automation & OCR - Automated document retrieval and processing for large-scale analysis
  • PII Breach Analysis - OCR extraction of personally identifiable information from ransomware breaches
  • Automated Reporting - Comprehensive intelligence reports generated from multi-source data

Sectors: Municipalities, Government, Private Sector

Cloud Security

2 years

Azure and cloud-native security assessments including infrastructure, IAM, and containerization security for government and transport sectors.

  • Cloud Audits - Comprehensive security reviews of cloud environments
  • Cloud Benchmarking - CIS benchmark assessments and compliance verification
  • Technical Reviews - Network architecture, IAM practices, application security
  • Kubernetes Security - Container orchestration and cluster security assessments
  • DevOps Security - CI/CD pipeline security and Infrastructure as Code review
  • Intune Assessments - Endpoint management and mobile device security
  • Contractual Review - Cloud service agreements and SLA analysis

Sectors: Government, Transport

Defensive Security

3 years

Comprehensive defensive security operations from SIEM/SOC implementation to incident response, including 24/7 hotline support and major ransomware case handling.

  • Phishing Campaigns - Custom-built campaigns using Evilginx and Gophish from scratch
  • SIEM Implementation - Microsoft Sentinel deployment and configuration
  • SOC Operations - Security Operations Center analyst and partner services
  • SOAR Automation - Security orchestration and automated response workflows
  • Threat Hunting - Proactive threat detection and investigation
  • Threat Modeling - Risk identification and attack path analysis
  • Forensics Analysis - Digital forensics for major ransomware incidents
  • 24/7 Incident Response - On-call hotline for critical security incidents
  • Remote Security Assessments - Comprehensive security acquisition reviews

Offensive Security

2 years

Penetration testing across web applications, infrastructure, mobile platforms, and physical security assessments.

  • Web Application Pentesting - OWASP Top 10 vulnerability assessment and exploitation
  • Infrastructure Pentesting - Network penetration testing and lateral movement
  • Mobile Pentesting - iOS and Android application security testing
  • Physical Intrusion - Social engineering and physical security assessments
  • Purple Teaming - Collaborative Red/Blue team exercises for detection improvement
Azure Nessus OWASP TryHackMe HackTheBox Burp Suite Wireshark Metasploit Python Kali Linux Nmap GitHub Splunk Sentinel CrowdStrike Azure Nessus OWASP TryHackMe HackTheBox Burp Suite Wireshark Metasploit Python Kali Linux Nmap GitHub Splunk Sentinel CrowdStrike
Get In Touch

Contact

Mobile

+32 (0)470 55 68 36

Email

diego.borghgraef@gmail.com

Languages

Dutch, French, English

Send Message