Steven Goossens, Cybersecurity Specialist and Developer in Lokeren, Belgium
Steven Goossens

Cybersecurity Specialist and Developer in Lokeren, Belgium

Member since October 20, 2020
Steven is a seasoned consulting professional and cybersecurity specialist with a demonstrated history of working in telecommunications. His expertise includes threat intelligence, computer forensics, incident monitoring, and response and security architecture. Steven holds multiple certifications in his field including GIAC Certified Intrusion Analyst (GCIA) from the SANS Institute and Certified Information Systems Security Professional (CISSP) from (ISC)².
Steven is now available for hire



  • Cybersecurity 10 years
  • Security 10 years
  • Network Security 10 years
  • Incident Response 8 years
  • Security Monitoring 8 years
  • SIEM 8 years
  • Elastic 5 years
  • Malware Analysis 5 years


Lokeren, Belgium



Preferred Environment


The most amazing...

...thing I've done is to discover and analyze an APT attack and then rebuild the core infrastructure and start a security program for a large company.


  • Cyber Defense Security Architect

    2021 - PRESENT
    • Introduced the SOAR platform with associated playbooks that map to the company's incident response processes.
    • Migrated the SIEM platform, including all log sources, use cases, and more.
    • Provided assistance in various security incident and threat intelligence topics.
    Technologies: Python, Splunk, XSOAR, SOAR
  • SIRT Team Member (Security Incident Response)

    2019 - 2021
    Contract at SIX Payments
    • Assisted the SIRT team in refining and maturing their incident monitoring and response processes.
    • Helped the QRadar project team determine which logs to collect, how to interpret them, and what use cases to build.
    • Performed security big data analyses using the ELK stack.
    • Handled incidents, which included prioritizing incidents, performing complex incident analysis, documenting findings, research, and so on.
    Technologies: ELK (Elastic Stack), Incident Response, Security
  • Cybersecurity Technical Program Lead

    2018 - 2018
    • Led and was responsible for IT security which included establishing various incident responses and processes.
    • Served as the team lead on project teams handling various security projects.
    • Advised on a range of cybersecurity issues and topics.
    Technologies: Cybersecurity
  • Security Architect

    2017 - 2018
    • Managed and was responsible for the overall IT security plan.
    • Defined the IT security roadmap as well as other accompanying tasks.
    • Advised on the implementation of security in various IT projects.
    Technologies: IT Security
  • CSIRT Specialist

    2014 - 2017
    • Built out the security incident response team in terms of processes and technology.
    • Managed different security incidents, from PR incidents to compromised devices that required forensic analysis.
    • Implemented a SIEM solution for security monitoring.
    • Performed threat analyses for new and emerging cases to evaluate how they could affect Proximus. This included forensic investigations where applicable, documentation of analysis findings, researching threat actors, and so on.
    • Performed a technical analysis of new vulnerabilities.
    • Liaised with third parties (other telecom operators, security actors, equipment vendors) to gather intelligence about emerging threats and vulnerabilities. Took appropriate actions with relevant teams to limit risk and exposure.
    • Collected and generated statistical incident information and build. reporting and regularly presented the reporting information to higher management.
    • Initiated and participated in expert reviews with engineering and monitoring teams to improve the security architecture for critical environments, monitoring tools,. security processes, cyber defense strategies, and so on.
    Technologies: Elastic, Incident Response, SIEM, Network Security, Networks, Cybersecurity, Python
  • Solution Engineer, Security

    2012 - 2014
    Belgacom (now Proximus)
    • Consulted on infrastructure engineering for ArcSight SIEM infrastructure (logger, connectors, connector appliance, ESM Express 4.0).
    • Provided content engineering for ArcSight SIEM and support in the monitoring and analysis of security incidents.
    • Investigated, contained, and remediated major and minor security incidents.
    • Created secure network designs and engineered the security infrastructure (Check Point, Juniper, Blue Coat) as well as advising about IT security on projects.
    Technologies: Networks, Incident Response, Elastic, Network Security, SIEM, Python, Cybersecurity, IT Security
  • ICT Security Consultant

    2010 - 2012
    Ernst & Young (EY)
    • Managed different short-term audit engagements to determine the general state of IT security.
    • Ran an engagement to create a network segmentation strategy for a large Telco in Belgium.
    • Performed an audit for the ISO27001 certification of a public organization based in Belgium.
    • Developed security roadmaps to improve technical security within large organizations.
    • Performed network security reviews for various smaller organizations in Belgium.
    Technologies: IT Security


  • SIEM Implementation

    I implemented the SIEM (security information and event management) solution at Proximus, which required log source onboarding, platform scaling & engineering, development of security use cases, and integrations with different products to enable a full IR workflow.


  • Tools

    Elastic, ELK (Elastic Stack), Splunk
  • Paradigms

  • Platforms

    Malware Information Sharing Platform (MISP), Windows
  • Industry Expertise

    Telecommunications, Cybersecurity, Network Security, Security, IT Security
  • Other

    Networks, SIEM, Incident Response, Security Monitoring, Digital Forensics, Event Management, Information Security, Security Architecture, Firewalls, IDS/IPS, Threat Intelligence, Threat Hunting, SecOps, IT Infrastructure, Malware Analysis, SOAR, Cloud Security, Data Analytics, XSOAR
  • Languages

    Python, Java, Bash
  • Storage

    Azure Active Directory


  • Master's Degree in Computer Science
    2008 - 2010
    University of Ghent - Ghent, Belgium
  • Bachelor's Degree in Informatics
    2005 - 2009
    University of Ghent - Ghent, Belgium


  • Certified Information Systems Security Professional (CISSP)
    MAY 2017 - PRESENT
    The International Information System Security Certification Consortium | (ISC)²
  • GIAC Certified Intrusion Analyst (GCIA)
    JUNE 2014 - PRESENT
    SANS Institute

To view more profiles

Join Toptal
Share it with others