Thomas van der Berg is a certified security professional (OSCP, 2018; CEH, 2016) from Leeuwarden, the Netherlands.

Interview with me on the Yacht blog (2018, Dutch)

Experienced with testing web applications and IT infrastructure, and writing detailed and understandable reports about security issues he found. He also has a background in programming (worked mostly on projects with JavaScript, C, C# and Python). and is a big fan of Linux and free/open source software.

Working in IT security since september 2016. Some stuff I usually do at work:

  • Hacking web applications
  • Taking over servers
  • Writing reports on security findings
  • Creating awareness with presentations and giving training about IT security
  • Reviewing source code to find security issues
  • Bypassing firewalls with SSH, stunnel, etc.
  • Angering security officers

Some of the hacking tools I have experience with:

  • Kali Linux
  • nmap
  • Burp Suite
  • Metasploit
  • Making my own exploit scripts
  • lots of smaller tools

Programming / sysadmin related:

  • Multiple programming languages (for instance JavaScript, C, C#, Python, Bash, and Go)
  • Makefiles, git, Maven, IntelliJ, etc. etc.
  • Firewall configuration with iptables
  • Configuring web servers (nginx, HTTPS, PHP, MySQL, Systemd, etc.)
  • Doing all of the above… in the cloud ;)

Company profiles worked for so far:

  • International bank
  • International insurer
  • International retailer
  • Local media company

I’m interested in independent assignments as well. If you have a website or company and would like me to review the security or try to hack into it, send me a mail! See contact info below.


Things I like include:

  • History
  • Linux
  • Free and open source software
  • (Old) games and Let’s Plays
  • Music (especially classical, and 8-bit)
  • Cats
  • protecting human rights (Offline & online)
  • Travelling
  • Learning Chinese

I made this site with Jekyll, which is a cool framework. I don’t need dynamic content! If you want to comment on a post of mine, e-mail me or send me a Twitter message (I don’t post much on Twitter but I actively check it).

See also Projects.

My contact info is on the bottom of every page. Send me a mail with an interesting offer! No I’m not interested in your web advertising analytics shizzle!