Jean-François is based in Belgium where he is part of TrustedSec’s technical security team. As a senior security consultant, he provides cyber resiliency services with a focus on infrastructure-based assessments, red teaming, and social engineering.Next to offensive assessments, he also performs R&D to remain on top of the game, occasionally dropping a tool on GitHub to share his knowledge with the community. Furthermore, he is a strong believer in open source and regularly contributes to the offensive security community. Jean-François is currently teaching SANS course SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection.
SANS: What made you choose to work in security?
Jean-François: I used to be a system engineer but quickly realized that that was not the direction I wanted to go. I started automating a lot of boring tasks which made me have a lot of free time on my hands. The firm I used to work for had several branches and one day, we had a company get together where all branches gave more information about what they are doing in their day to day. The pentest branch presented an intro to Metasploit, and when that first meterpreter session opened, I was sold. From there on, I started studying up on network infrastructure and their weaknesses and left my sysengineering job to start working as a pentester. After being a pentester for a while, I transitioned into red teaming and later on, took on purple teaming assignments as well.
SANS: What courses do you teach?
Jean-François: I teach the SANS SEC699 : Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection. I hope to one day have a 799 course as well in the future, who knows 😉
SANS: Why do you teach, research and practice information security?
Jean-François: I teach because in my opinion, knowledge is useless if it is not shared. I have a strong mindset when it comes to making the (virtual) world a safer place, which is why I don’t believe in “knowledge hoarding”, when I learn something new, I tend to (over)share in an effort to make people aware of the (virtual) risks they are facing. On top of that, it brings me great joy when I teach and people come up to me afterwards and saying that they now understand something a lot better.
SANS: What tips can you provide newcomers to cyber security and offensive operations?
Jean-François: Be a spunge ! (of course I do not mean that literally), What I’m trying to say is keep your mind open and never assume you know everything about everything. The infosec world is vast, there will always be people with more knowledge than you. My tip is, identify which areas of the field interest you most, find some experts in that field and try to absorb their knowledge as much as possible.
SANS: Who has influenced your information security career?
Jean-François: Tons of people have influenced my infosec career. It started of with one of my former colleagues that initially sparked my interest. Once I identified that I wanted to dig deeper into network pentests and red teaming, I quickly identified several people that I wanted to learn from, here is a long, yet not exhaustive list of people that have influenced me one way or another, you might recognize some of these names as there are some SANS instructors on the list!:
- Erik Van Buggenhout (https://twitter.com/ErikVaBu)
- Jonas Bauters (no twitter handle)
- Jorge Orchilles (https://twitter.com/jorgeorchilles)
- Dave Kennedy (https://twitter.com/HackingDave)
- Paul L. (https://twitter.com/am0nsec)
- Daniel “RastaMouse” Duggan (https://twitter.com/_RastaMouse)
- Adam Chester (https://twitter.com/_xpn_)
- Dylan Halls (https://twitter.com/_batsec_)
- Melvin “Flangvik” Langvik (https://twitter.com/Flangvik)
- TheWover (https://twitter.com/therealwover)
- Ruben Boonen (https://twitter.com/FuzzySec)
- CCob (https://twitter.com/_EthicalChaos_)
- Will Schroeder (https://twitter.com/harmj0y)
- Lee Christensen (https://twitter.com/tifkin_)
- Marcello (https://twitter.com/byt3bl33d3r)
- Jackson T (https://twitter.com/Jackson_T)
- Ryan Cobb (https://twitter.com/cobbr_io)
- Nikhil Mittal (https://twitter.com/nikhil_mitt)
That list goes on for a significant while.. 😊
SANS: What do you want people to know about you?
Jean-François: I love spreading my knowledge! I’m an avid blogger and occasional toolsmith so definitely keep your eye on my GitHub or blog site (https://redteamer.tips). In addition to that, I also dislike it when people are very arrogant, or try to profit of other peoples work (sometimes even without crediting the researchers). I’m all for knowledge sharing, but don’t come ask me how to hack Instagram/facebook because that really is not what I’m all about. Finally, #redteamfit all the way! I am an avid gym goer, I workout pretty much every day early in the morning, as it helps me clear my mind and become energized for the rest of the day!
SANS: Favorite quotes / books / music, etc
I enjoy all kinds of music really, my go to’s are rap and dance though, as I use those to blast through my workouts.
My favorite quote of all time is from Dwayne “The Rock” Johnson:
“Blood… Sweat… Respect…, the first two you give, the last one you earn”.
Another one of my favorite quotes is:
“Work hard, play harder”, in my opinion this is certainly true in infosec. It is important to unplug sometimes and have some fun.
SANS: Are you a gamer? If so, does gaming somewhat influence your approach to security?
Jean-François: I WAS an avid gamer before I started to work. Nowadays, I spent far less time in virtual game worlds than I sometimes like. But yes, being a gamer has influenced my infosec career. Much like videogames, I love infosec challenges, preferably in teaming fashion. I tend to avoid a lot of CTF’s because I can get consumed by it and forget to eat (and sleep). This is probably some remnant of my gaming past when I used to spend hours in MMORPGs such as World of Warcraft. For the CTF’s I do participate in however, I usually work to the bone on those. This is also the reason why I tend to do a lot of certifications, as they are nice challenges to prove you grasp concepts. The gamification of these things have certainly helped me evolve my skills.
SANS: Tell us about things you enjoy that people may not expect.
Jean-François: In addition to hacking and teaching, I’m also a hobbyist actor and singer. I hope that one day I’ll be able to play a role in a marvel or dc superhero movie.
Read Jean-François's full formal profile here.
Webcast: So You Want To Be A Red Teamer?
Presented by: Jorge Orchilles and Jean-François Maes