A portfolio of sorts

Quick skills summary
malware, email security, threat modelling
Python, Perl, JavaScript
Linux, Windows, Android
HTTP, SMTP, TLS, cryptography
writing, policy, editing, conference organising
English, Dutch, German

This is an overview of the various things I have done while working in IT security. I am currently looking for work, either part-time (I am set up to do contract work) or full-time, remote or on-site, with the main requirements that it is in IT security and that it is something I believe in. Contact me (martijn@lapsedordinary.net) if you are interested! (I am also on LinkedIn and Twitter ─ with open DMs ─ if you prefer that.)

Go directly to: Research, Writing, Speaking, Skills, Other.


Though the various roles I have had never formally included research, I have often found time for shorter ad-hoc research projects, mostly focused on malware and spam. Three highlights:

Twitter botnet takedown

In 2013, I discovered a large Twitter botnet whose accounts were being sold as followers on shady websites. I wrote some scripts that found many of these accounts and ended up reporting about 45,000 them to Twitter, which took them down.

The many faces of Mevade

Together with João Gouveia of Anubisnetworks, I analysed this large botnet (also known as Sefnit) based on its C&C traffic. The research was also presented at Botconf 2014.

Dridex malspam campaign

Together with two colleagues at Virus Bulletin, I analysed a malicious spam campaign that pushed the Dridex malware.


I have written things from before I worked in infosec: from lecture notes (this is an example) and biographies of famous mathematicians to record reviews and interviews with bands. I have kept various personal blogs over the year.

I have written hundreds of blog posts for Virus Bulletin, as well as some larger papers and test reports. I also have written various guest pieces and op-eds. Three examples of the writing I have done:

(How) did they break Diffie-Hellman?

Op-ed for Ars Technica on an attack against the widely used Diffie-Hellman key exchange protocol.

What would Cameron’s ‘anti-terrorism’ proposals mean for the UK?

Blog post for Virus Bulletin that looked at the kind of anti-encryption proposals many governments and politicians have proposed.

The Virus Bulletin Newsletter

I created and wrote a weekly newsletter with links to and short summaries of the most interesting threat analyses from around the Internet.


I have spoken at security conferences around the world, including RSA USA, Northsec, TROOPERS, Nullcon, Botconf, AfricaHackon, NCSC One, IRISSCON, APWG meet-up and BSides (San Francisco, London, Athens, Ljubljana). Topics have varied from malware and spam to cryptography and general security topics. Three highlights:

RSA Conference 2016

Abstract: In recent years, vulnerabilities have been shown in a number of prominent encryption protocols and standards. Yet despite experts consistently warning about these weaknesses, they continue to be used. This session will look at the most prominent of these weaknesses and tries to answer the question: are we right to be worried about them? The answer may be surprising to many.

Botconf 2019

Abstract: ‘Malspam’ (an umbrella term for spam campaigns that deliver malware or send users to phishing sites) has long been the prominent way for individuals and organisations to get themselves infected. These campaigns are opportunistic (i.e. non targeted), which distinguishes them from very targeted spear-phishing campaigns. Yet these malspam campaigns also differ in a number of fundamental ways from ordinary spam, which positively affects their effectiveness and negatively affects our ability to analyse them. In this talk, I will explain how most malspam campaigns differ from ordinary spam, based on years of studying the email part of such campaigns in our lab. I will discuss how this makes them a lot better at bypassing email filters and how this affects their visibility. (Slides)

BSides London 2015

This was an introduction to Elliptic Curve Cryptography for non-experts that I have given four times in total; more recent versions included a few more details but still contained the same core that I first presented in London in 2015.


I am a jack of all trades, master of none, which means I have seen and done a lot of things but also that I may not have worked with the specific thing you’re looking for. I’d probably pick it up quickly though.

I am familiar with both Linux and Windows operation systems (both desktops and servers), as well as Android: I understand how to manage them, and how they work under the hood.

I can program. I have written test frameworks for email and web security products in Perl, which tends to be my choice of language. I have also managed a web server written in Perl, completed a half-finished open source project related to that, and wrote my own RSS reader that doubles as a social bookmarking system, also in Perl. I have some familiarity with JavaScript, Python, PHP and C. (Update: I rewrote said RSS reader in Python. My Python skills are quite decent now I guess.)

I am familiar with Linux command line tools and have a pretty good understanding of how computers work in general, also ‘under the hood’: file systems, user accounts etc. I am not a reverse engineer, but understand the basics of assembly language.

I understand how malware works, how security threats in general work and the role vulnerabilities play. I understand the risks from digital threats various vulnerable groups face.

I have an M.Sc. degree in mathematics and have worked as a researcher in algebraic geometry. This helps me understand a lot of mathematical concepts when applied to computer security, for instance in machine learning.

I speak Dutch and English fluently and can hold a conversation in German. I speak some basic French and Greek.


Outside cyber security I have been a board member of the students’ union for mathematics, a member of the faculty council, a member of the organising committee of the Dutch Mathematical Congress, a member of a journalist collective writing about music and a trustee of a primary school.

At Virus Bulletin, I have been engaged in the organisation of the annual Virus Bulletin Conference; I had the final responsibility for all editions from 2014 to 2019 and curated the programme. I am a board member of AMTSO and a special advisor to the Coalition Against Stalkerware. I have advised the Dutch government on the use of DKIM and have curated several newsletters for Security Without Borders.

At Virus Bulletin I have managed a small, remote team and was responsible for creating the budget and making sure it was followed.