Thomas van der Berg is a certified security professional (OSCP, 2018; CEH, 2016) from Leeuwarden, the Netherlands.

Experienced with testing web applications and IT infrastructure, and writing detailed and understandable reports about security issues he found. He also has a background in programming (worked mostly on projects with JavaScript, C, C# and Python). and is a big fan of Linux and free/open source software.

Working in IT security since september 2016. Some stuff I usually do at work:

  • Hacking web applications
  • Taking over servers
  • Writing reports on security findings
  • Creating awareness with presentations and giving training about IT security
  • Reviewing source code to find security issues
  • Bypassing firewalls with SSH, stunnel, etc.
  • Angering security officers

Some of the hacking tools I have experience with:

  • Kali Linux
  • nmap
  • Burp Suite
  • Metasploit
  • Making my own exploit scripts
  • lots of smaller tools

Programming / sysadmin related:

  • Multiple programming languages (for instance JavaScript, C, C#, Python, Bash, and Go)
  • Makefiles, git, Maven, IntelliJ, etc. etc.
  • Firewall configuration with iptables
  • Configuring web servers (nginx, HTTPS, PHP, MySQL, Systemd, etc.)
  • Doing all of the above… in the cloud ;)

Company profiles worked for so far:

  • International bank
  • International insurer
  • Local media company

I’m interested in independent assignments as well. If you have a website or company and would like me to review the security or try to hack into it, send me a mail! See contact info below.


Things I like include:

  • History
  • Linux
  • Free and open source software
  • (Old) games and Let’s Plays
  • Music (especially classical, and 8-bit)
  • Cats
  • (Offline & online) human rights
  • Travelling

I made this site with Jekyll, which is a cool framework. I don’t need dynamic content! If you want to comment on a post of mine, e-mail me or send me a Twitter message (I don’t post much on Twitter but I actively check it).

See also Projects.

My contact info is on the bottom of every page. Send me a mail with an interesting offer! No I’m not interested in your web advertising analytics shizzle!