About Me

The long story — for the curious

#

The landing page tells you what I do. This page tells you why, and how I got here.

Three decades, one throughline

#

I started writing code before the web had tabs. I’ve debugged production systems at 3 AM, carried servers up stairwells, lived through the move from on-prem to virtualisation, from virtualisation to private cloud, and from private cloud to hyperscale. I’ve watched frameworks rise, die, and get rediscovered. And through all of it, one thing has stayed constant:

Great engineering is invisible. Bad security is loud.

Every role I’ve held — developer, architect, project leader, Infra Engineer and Security Engineer — has been a different angle on the same question: how do you build systems that keep working when nobody is watching? That’s what I do now, full-time, for clients across the EU.

What actually gets me out of bed

#

• Landing zones that are boring in a beautiful way — predictable, auditable, and impossible to misconfigure.
• Turning “we hope it’s secure” into “we can prove it’s secure” with policy-as-code, Defender for Cloud, and actual evidence.
• Migrations without drama — the ones where the business never notices, because everything kept working.
• Handing over a repo at the end of an engagement that your engineers actually enjoy reading.

The opinionated part

#

A few things I believe strongly enough to stake my reputation on:

• Infrastructure-as-code is not optional. Click-ops is how you end up with a breach you can’t explain.
• Compliance is a byproduct of good architecture, not a checklist you bolt on afterwards.
• Your cloud bill is a security signal. Weird spend usually means weird access patterns.
• Small blast radii beat big firewalls. Segment everything, trust nothing, log always.
• Documentation is a deliverable, not an afterthought you do on the plane home.

If any of that resonates — or annoys you in an interesting way — we’re probably going to work well together.

Credentials & paper trail

#

I keep my certifications current because the field moves fast and I’d rather be tested than trusted. Click through to verify any of them with the issuer.

🛡️ Security & Compliance

#

• CISSP – Certified Information Systems Security Professional (ISC²)
• CCSP – Certified Cloud Security Professional (ISC²)
• CC – Certified in Cybersecurity (ISC²)

☁️ Microsoft Azure

#

• Microsoft Cybersecurity Architect Expert (SC-100)
• Azure Solutions Architect Expert (AZ-305)
• Azure DevOps Engineer Expert (AZ-400)
• Azure Security Engineer Associate (AZ-500)
• Azure Developer Associate (AZ-204)
• Azure Administrator Associate (AZ-104)
• Azure Fundamentals (AZ-900)
• Azure AI Fundamentals (AI-900)

🚀 Cloud-native & Kubernetes

#

• CKA – Certified Kubernetes Administrator
• Azure Landing Zones – Cloud Adoption Framework

🏆 The wall

#

Outside the terminal

#

When I’m not in a Bicep file or a security review:

• Walking and cycling in the beautiful nature of Gelderland (slowly, with coffee stops).
• Working in my beehives with the most amazing creatures, the honeybees.
• Over-engineering home automation projects that nobody asked for.
• Reading incident post-mortems from companies braver than mine.
• Building side projects that will absolutely never ship.

The business

#

Gosselink ICT — independent Azure & Cloud Security consultancy, based in the Netherlands, serving the EU.

• 📍 Doornekamp 4, 3848 CX Harderwijk, The Netherlands

If you’ve read this far, we should probably talk. Get in touch →