Niklas Van der Mersch

About Me

I am Niklas, a sociable IT-er with a passion for CyberSecurity.

I am Belgian by birth but moved to Switzerland when I was young, absorbing the culture and mindset. Coming from a big family my heart already had a lot of space for those dear to me, the Swiss-Italian culture made room for a lot more.

Spotting work needing to be done is one of those beroepsmisvormingen that I carry over from working in Horeca. When hired, I initially set out to learn the job and people, finding small (or big) efficiency gains that can be made. Once I'm comfortable and worked in, I look for enhancements that help out the whole team.

Graduating from university gave me a wide knowledge base, which I have deepened through hands-on experience with multiple technologies, teams, and environments. I maintain a high standard of work and eagerly find solutions to problems. I have a hands-on background in operations, incident detection and response, and securing complex environments.

Skills

Security ▾

SOC SIEM Incident Response NIST

SOC SIEM Incident Response NIST DORA GDPR NIS2 OWASP SDLC Zero Trust SABSA MITRE ATT&CK Agentic AI PKI / TLS Threat Modeling Endpoint Security ArchiMate Vulnerability Management Detection Engineering Malware Analysis ISO 27001 CIS Benchmarks

Blue Team Tools ▾

Splunk Elastic Wireshark Suricata

Splunk Elastic Wireshark Suricata YARA Sigma Velociraptor Snort Zeek KAPE Volatility Chainsaw x64dbg

Tech Stack ▾

Python Terraform Linux Docker

Python Bash Terraform Java SQL Linux Docker GitHub SAST PowerShell Microsoft Sentinel RASP KQL JavaScript C(++) Haskell Azure M365 Entra ID

Soft Skills ▾

Adaptability Curious

Adaptability Curious Reliable Independent

Languages

English

Dutch

Italian

German

B1/B2

French

Certifications

Certified Defensive Security Analyst

Side Projects

Proxmox Suricata IDS UniFi NGINX WAF-ModSec Hack the Box N8N CIS Baseline

Resume

Experience

05/2025 — Present

Cybersecurity Architect

Splynter · Antwerp, Belgium

Started with a standard based on NIST 800-53, OWASP and ISO, and through refinement and automation, made the assessment process re-useable, deterministic, and streamlined. Examples include several Azure, AWS and GCP components, a Network modernization, PAM, Azure ML rollout, SAST tools, Windows 11, and many more.
As head security assessor, defined security blueprints and ensured Windows 11 met L1 CIS Baseline, applied endpoint protection and patch management policies via Intune/M365; enforced identity controls through Entra ID
Responded to several high-priority vulnerabilities by developing custom KQL alert rules and Microsoft Sentinel detections as interim controls until permanent fixes were deployed
Moved the organization from limited code control to scanning-by-default using SAST tools (SonarQube and CodeQL derivatives), replacing manual code audits with CI/CD-integrated security scanning
Taught courses on safe usage of agentic AI and AI for developing software to 20+ colleagues across technical and non-technical teams
Set up several automation projects including automatic requirements assignment, policy translator, and CyberSecurity newsletter
Security lead in development projects that require communication in Dutch, English and French

09/2023 — 05/2025

Integration Consultant

Solita · Leuven, Belgium

Inherited weak operations discipline, improving alerting, logging, monitoring and observability and documenting the incident process to ensure repeatability, consistency and availability. 100% adherence to defined SLAs across 10+ P5–P1 incidents
Replaced manual deployment of software with a CI/CD, including automated testing, quality and security checks using SonarQube (SAST). Promotion of code went from days to minutes
Collaboration with MSP was frustrating, slow and expensive, so I architected and developed the same distributed platform in Azure using infrastructure as code (Bash, Terraform, Python). This included automated scaling, decreased cost by 40%, and achieved a 20–40% gain in performance
Led performance task force on distributed integration platform, reducing real-time API latency by 30–60% through system-level optimisation
On own initiative, suggested and built several automations in Python, Java and PowerShell that improved security, efficiency and/or documentation

10/2019 — 08/2023

Bartender Manager

DE WEERELT · Leuven, Belgium

Entirely responsible for the well-being of clients at my bar
Often being the only bartender present and working until 5 A.M., every week presents new challenges and opportunities to learn from

07/2022

Internship

Solita · Leuven, Belgium

Delivered a fully playable Capture-the-flag covering all 10 OWASP API Security risks within a 3-month internship window
Studied the security possibilities of Gravitee, an open-source API Management software
Coded the front-end website associated to the Capture-the-flag game using Vue.js
Built containerized application using Python and JavaScript, deployed on Azure

07/2021 — 10/2021

Backend Developer

KU Leuven · Leuven, Belgium

Redesigned and re-implemented architecture from the ground up based on business requirements
Adapted MySQL database & Python to Docker-containerized Flask back-end

09/2020 — 02/2021

DRAMA Teaching Assistant

KU Leuven · Leuven, Belgium

Helping first year students with learning a Dutch Assembly Language

11/2017 — 10/2019

Waiter

Notre Dame Quasimodo · Leuven, Belgium

Worked full-time serving the largest brasserie in Leuven
Trained new people

Education

2021 — 2023

MEng Computer Science · Security

KU Leuven · Leuven, Belgium

Encryption & Abstract Mathematics; cryptographic foundations including modular arithmetic and protocol theory
Software engineering, system architecture, requirements engineering
Secure software using state automata, developing buffer overflows and other basic C exploits
Machine learning: built a Q&A model from scratch — tokenization, training loop and evaluation
Thesis: implemented cryptographic modules for a pseudoanonymisation system within a distributed file-saving architecture — covering trust models, data flows, and privacy-preserving protocols (GDPR-compliant)

2018 — 2021

Bachelor in Computer Science

KU Leuven · Leuven, Belgium

Mathematical foundation of Computer Science: automata, logic and programming paradigms
Building of software: the software life-cycle, maintenance, design patterns, data structures, and time/space complexity of algorithms
Bachelor Thesis: built a recommender system using ML — evaluated student readiness from past exercise performance to recommend appropriate coding exercises

2013 — 2017

High School

Liceo Lugano 1 · Lugano, Switzerland

Physics & the application of Mathematics
Course on Informatics, exploring my IT-teacher's Cyber abilities

Blog Posts

March 7, 2026 · Guide Deploying Gotenberg: a proper PDF API for the home lab

After Pandoc fell flat, I deployed Gotenberg — a stateless PDF API with Chromium inside — on an unprivileged LXC container. Docker-in-LXC, it turns out, is easier than I remembered.

January 2, 2026 · Guide Setting up N8N via LXC container

Deploying N8N — the open-source workflow automation tool — inside an LXC container on my Proxmox home lab.

December 22, 2025 · Certification Conquering the HTB CDSA: A Journey Through Defensive Security

From red team to blue team—my experience earning the HTB Certified Defensive Security Analyst certification and learning to think like a defender.

November 1, 2025 · Guide Encryption at rest, Proxmox and Terraform: the infrastructure of my home lab

Repurposing an old laptop to encrypt my data at rest and host ProxMox to deploy VMs/Containers, all managed via Terraform.

October 18, 2025 · Guide Setting up a website via GitHub

The shortcuts, references, and DNS tweaks I used to get a custom-domain GitHub Pages site online in a weekend.

August 29, 2025 · Project log Publicly exposing Billbuddy

How Billbuddy moved from a tucked-away home lab to a carefully exposed service with hardened edges.

Get In Touch

Interested in working together or just want to say hi? Reach out.

niklas@vandermersch.eu

niklasvdm