Resume of Michael Boelen
My passion is to educate others, so they can audit, analyze, and secure their IT environments.
CISOfy is the company I founded in 2013, with Lynis Enterprise as its flagship product. It performs security auditing, detects weaknesses and vulnerabilities, and provides hardening guidance. The focus is on Linux/UNIX system administrators, DevOps, IT managers, auditors and security managers, up to the CISO. The main principles of our products are simplicity, ease of use, and automation.
Want to learn me better? ✔ Follow me on Mastodon: @mboelen ✔ Follow my blog posts: https://linux-audit.com/
My personal motto: There is always room to improve, and I will hunt for it!
Work
CISOfy
Founder
Since: Oct 2013 to Present
Lynis Enterprise is a software solution with the focus on security auditing, system hardening, and compliance. By targetting only Linux, macOS, and UNIX environments, we specialize and operate in a niche market.
Lynis Enterprise helps you discover and solve security weaknesses quickly, so you can put your time into interesting projects again. Regarding compliance needs, it covers popular standards like ISO27001, HIPAA, PCI DSS, CIS, SOx, SOC, and others.
See https://cisofy.com/lynis/ for all details.
As a founder, I’m responsible for a diverse set of activities, including strategic management of the company, development, marketing, and sales.
Part-time work
NLLGG
Advisor and promoter
Since: Feb 2025
As of February 2025, I will be part of the communication committee. Together with others we will be focusing on making Linux more accessible for those who like to use it or want to learn about it. My primary focus will be assisting the NLLGG with a communication strategy, increasing its community, and promotion. I also will stay involved as a speaker and directly share my personal knowledge about Linux security.
Skills: Linux · Communication · Community Outreach · Digital Strategy · Social Promotion
NLUUG
Honorary member
Since: May 2019
Awarded the title honorary member after my work for our association and continue to help where I can.
Webmaster
Since: May 2023
Building the most recent version of the NLUUG website together with Patrick Reijnen. My main priorities are building the skeleton of the website and its functionality. In ongoing iterations, we keep improving the website.
Member of Program Committee
From: Jan 2015 - May 2019
Supporting the program committee to ensure the best possible quality of the conference program. Includes promotion the event and sharing details with other groups.
Board Member (Secretary)
From: May 2016 - May 2019
Secretary, public relations, and social media
The NLUUG provides twice a year a conference with focus on open standards, Linux, UNIX, and open source software. Popular subjects include DevOps, cloud computing, security, configuration automation. My focus areas for the association:
- Increasing the quality of the talks
- Enhance the experience for speakers and attendees
- Promotion
Linux Audit
Editor and writer
Since: December 2013
Working on creating one of the best Linux security blogs providing free and high-quality articles.
Lynis project
Since: Oct 2007
Working on the auditing tool for Linux and Unix based systems.
Rootkit.nl
Security Researcher and Developer
Since: Jan 2003
Security research and related development of open source security tools and scripts:
- Rootkit Hunter - Malware scanning tool (trojans, backdoors, rootkits)
- Lynis - Unix/Linux security auditing tool to help with system hardening
Honors and awards
2016 Best of Open Source Software Awards
Issued by InfoWorld · Sep 2016
2015 Best of Open Source Software Awards
Issued by InfoWorld · Sep 2015
InfoWorld, the technology media brand committed to keeping IT decision-makers ahead of the technology curve—has announced the winners of its 2015 Best of Open Source Software Awards, aka the Bossies. Selected by InfoWorld editors and contributors, these awards highlight the top open source software that keep the business running. From clouds, to data centers, networks and more, Bossies 2015 recipients provide a software guide for all
http://www.idgenterprise.com/press/infoworld-announces-the-2015-best-of-open-source-software-awards
Education
Koning Willem I College
Technische Informatica, ’s-Hertogenbosch (The Netherlands), 1999-2002.
HAVO
d’Oultremontcollege (Drunen), 1994-1999.
CISSP
By: Lancelot Institute in 2009
Training: CISSP (5 days)
Followed this CISSP training in the week of 26 October 2009, as a preparation for the CISSP exam
Lean Six Sigma - Orange Belt
Tri ICT, 2012, via ASML
Recommendations
Niels van der Pijl
Received via LinkedIn on October 10, 2014 (Niels worked with me on the same team as a security consultant):
Michael is one of a rare breed. In addition to the integrity which is part of his DNA, he is extremely skilled, driven and intelligent. As Security Coordinator I’ve worked with Michael for almost 2 years and have experienced him as an exceptionally pleasant colleague who’s technical knowledge, communication skills and personality make him a valuable asset to any team.
William Milne
FinTech Consultant & AI Software Entrepreneur shared on May 26, 2020 via Linkedin:
Buck stops with Michael (’nix security); he has built some awesome audit tools from ground up.
Previous work
ASML
Veldhoven (The Netherlands) From: Jan 2012 - Sep 2013
Service Manager Connectivity
From: Jan 2012 - Sep 2013
Service delivery management for WAN connectivity world wide. Responsible for budgeting, forecasting, administration, projects and single point of contact for this service.
Main services include MPLS, perimeter, network level APM (application performance management) and WAN acceleration. Since we are the center of all communication we have close relationships with general projects and security related projects. Main daily activities consist of incident handling, service improvements, capacity extensions and upgrades.
In a nutshell: vendor management, traffic optimization, performance, security, tuning, availability, billing, financial forecasting, service delivery management, solutions, lean IT and waste removal, proxies, firewall, WAN acceleration devices.Service delivery management for WAN connectivity world wide. Responsible for budgeting, forecasting, administration, projects and single point of contact for this service. Main services include MPLS, perimeter, network level APM (application performance management) and WAN acceleration. Since we are the center of all communication we have close relationships with general projects and security related projects. Main daily activities consist of incident handling, service improvements, capacity extensions and upgrades. In a nutshell: vendor management, traffic optimization, performance, security, tuning, availability, billing, financial forecasting, service delivery management, solutions, lean IT and waste removal, proxies, firewall, WAN acceleration devices.
Process Controller
From: Jan 2012 - Sep 2013
Responsible for process management of our team, with focus on ITIL related processes.
Common activities include: dealing with high priorities, routing exceptional cases and problem solving between teams. My direct colleagues are responsible for the technical activities and related expertise area. I manage the process related activities, to streamline their focus. Examples include communication, be a sparring partner for our manager, KPI reporting and determining improvement steps. It includes joining weekly meetings regarding process management, or when needed the CAB (Change Advisory Board).
Keywords regarding this role are: lean IT, six sigma, waste reduction, process improvement, change, incident and problem management, crisis communication and escalations.
Philips
Security Officer
Jul 2009 to Dec 2009 · Eindhoven, NetherlandsEindhoven, Netherlands
Responsible for tactical and operational security within the data center team. Related activities were security incident response, vulnerability scanning, consultancy for projects and security awareness.Responsible for tactical and operational security within the data center team. Related activities were security incident response, vulnerability scanning, consultancy for projects and security awareness.
Linux / UNIX System Engineer
Jan 2008 to Jun 2009 · Eindhoven Area (The Netherlands)Eindhoven Area (The Netherlands)
Working for the biggest EMEA data center to support Philips business. The primary activities of the data center is providing hardware hosting, and shared services. In my roles, I supported the UNIX team by means of security advice, UNIX and storage management, and generic process improvements (ITIL).
T-Systems
Security Officer
From: Jan 2010 - Jul 2011
Eindhoven (The Netherlands)
As security officer responsible for security related to data center, infrastructure and to some extend hosted applications. Due to a NDA no further details can be given for this position.
Snow
Consultant
From: Dec 2007 - Oct 2013
Geldermalsen (The Netherlands)
- Consultancy for customers. Focus areas include information security, service management, and process improvements.
- Product group: Security
IT Construction Company
Network and Security Engineer
’s-Hertogenbosch (The Netherlands)
From: Oct 2002 - Nov 2007
- Network and internet security and related services (patching, IDS, firewalls, telecommunication taps, malware scanning)
- Setting up and maintaining Unix systems (Red Hat, FreeBSD)
- Datacenter migration
- Lotus Domino administration, user/identity management
DO-IT-SO Automatisering
Novell / Linux Administrator
’s-Hertogenbosch (The Netherlands)
Since: Sep 2000 - Sep 2002
Hardware replacement, PHP development, dealing with internet technologies (configuration of e-mail, DNS, web hosting) and support for Novell Netware installations.
Memberships
ITGilde Coöperatie
Member
Sep 2015 - 2019 · 3 yrs 5 mosSep 2015 to 2019 · 3 yrs 5 mos
The “IT Guild” is a Dutch group of mostly entrepreneurs working in the field Linux and UNIX system administration, and related projects. The goals of the guild including increase knowledge sharing and promote networking opportunities. I became a member to share my knowledge in the area of Linux security, like security auditing, hardening, and compliance.