Welcome back to one of our favourite blog series, where a different member of the team is introduced on the second Monday of each month. In these posts, you can find out more about the hoodies behind Zerocopter!
Our next conversation is with Lennaert Oudshoorn, the Security Analyst of Zerocopter. Lennaert takes care of Zerocopter's internal security and also works triage.
Please tell us a bit about yourself, who is Lennaert Oudshoorn?
As an accomplished ethical hacker, I have found vulnerabilities on behalf of several large organizations including the Dutch government. I also report vulnerabilities "on the side" in my role as a volunteer with the Dutch Institute for Vulnerability Disclosure (DIVD). At DIVD, I have worked on a number of notable cases, including some that made international headlines, such as the big July 2021 ransomware incident involving Kaseya.
How would you describe your job title in a couple of words?
As a security analyst, I review internal policies and systems on their security. I’m also the person who communicates with researchers reporting issues on our own Coordinated Vulnerability Disclosure and Researcher programs. In addition to this, I also work triage, reviewing vulnerabilities submitted for our customers.
What do you like about working as a Security Analyst at Zerocopter?
Every day I get to see and investigate new things, learn more and help our customers be more secure.
How did you end up at Zerocopter?
I already knew a few people working here, and when I was looking for a new challenge they approached me and asked if I was interested in joining the team.
If you could trade positions with anyone in Zerocopter for a day, who would it be and why?
I would probably trade positions with Mattijs, our Head of Research & Development. Hacking and developing new things is one of my passions and I am always interested in that.
What have you learned from working at Zerocopter?
More than I could say in a few words - but one thing would be that every day I am learning from all the interesting reports our amazing researchers submit.
When was the first time that you heard about the term “Bug Bounty” or “Responsible Disclosure/Coordinated Vulnerability Disclosure”?
Probably around 2011 when the Dutch website “Web Wereld” did Lektober in which they disclosed a vulnerability in a website every day.
What resources (books/podcasts/courses etc) would you recommend to someone (new) in this industry?
Darknet Diaries is a podcast that always has amazing stories. Stok, John Hammond, and Nahamsec all have must-follow YouTube channels. When getting started in this industry the courses from The Cyber Mentor offer great value for their price.
What is your favourite stereotype about the hacking industry and why?
That we always wear hoodies, because hoodies are super comfy!
We hope you enjoyed getting to know Lennaert a little better! Stay tuned for our next post in April!