Information Security D-List Interview: Wim Remes

wimToday we interview Wim Remes from the land of chocolate, Jean-Claude Van Damme, and beer with fruit in it. That’s right, Belgium.

Q: Tell us a little bit about yourself.

I am a 33 year old Joe Average from Belgium. I live in Hoboken (yeah, I know there is a Hoboken in New Jersey too. I live in the real one.) near Antwerp with my wife and three kids. I have worked in IT for 12 years now and have been focusing on security for about 7 years. I’ve worked as a helpdesk operator, IT admin and consulted managers on information security management. I think this mix is what makes me understand all levels when it concerns information security: from the users who want to get their job done, over the geek who salivates over every new technology he can throw into the mix upto the CEO who’s only concerned about the numbers.

Q: How did you get interested in information security?

If I look back far enough there is this moment when my dad bought our first 486 (it had this fancy Hercules monitor). It only took me a few days to find out how to set a password on the main menu. My father went ballistic because he shelled out a lot of cash for that computer and now I was the only one who could use it. It simmered for quite a while and I didn’t actually go further in the security part of computers. When I worked for a big American company in ’99, we were involved in the whole Y2K mitigation process and I got in touch with some awesome security people in the UK and the US. I took that knowledge to my next customer and started to build up a lot of network security knowledge and in the end I became the security guy at my employer (a consulting company).

Q: What is your educational background?

I only hold a high-school degree in IT, which accounts for basically nothing. When I started I was a field engineer, but I vowed to myself to never stop learning. Since then I did a lot of studying on my own, whatever subject interested me. I actually tried to get my university degree through evening school but at that moment (working as a sysadmin) I couldn’t see the value of all the theoretical stuff I was learning. I think I’ve always looked at knowledge I can translate to or use in whatever I am doing at a particular point in time. I have however (with the necessary pressure applied) obtained several “professional” certificates. I think, from a hiring perspective, some of my employers might have judged me partially on the certificates on my resumé. I personally feel that my time in the trenches has contributed more than whatever combination of multi-coloured pins I can sting you with.

Q: What did you want to be when you grew up ? Would you rather be doing that?

I have had several dreams about what I wanted to be. Among those were being black (I was 16 and listening to gangster rap), being Asian (17, and them girls were cute !) and being rich (18 and I wanted my second hand motorcycle to be a Harley Davidson). what I really wanted to do was writing but I am not a prodigy in that department. Sure, I would love to spend my time behind a dusty typewriter and publish books and win prizes. At the point in my career where I am now, I wouldn’t trade this profession for anything in the world. I don’t think there’s anything I’d rather do right now, but never say never.

Q: What is your favorite security conference (and why)?

I have two. Accidentally those are the only two real cons I’ve attended 🙂 First there is Brucon ( which was organized for the first time in September of 2009. It is close to my heart because I volunteered there and the atmosphere we created was really special. The second one I attended in November 2009, as a speaker, was Excaliburcon. Firstly, because it was in China and I have a strong bond with that country and secondly because I was a speaker there and attending a conference in that way is a completely different experience. I met the most awesome people and came back totally charged.

Q: Did you notice any differences between the European and Chinese hunger for security knowledge whilst at Excaliburcon? What is your impression of the information security industry in Asia?

Yes, absolutely. In Europe you see an absolute hunger for knowledge, apart from the very high quality conferences like, CCC, Brucon, etc. there is a growing hackerspace scene. People are getting together and share knowledge. There is not a real teacher/student hierarchy and everybody pushes everybody forward. It’s pretty amazing actually. The same information sharing attitude is entering the corporate world as well. In China, the hunger is there absolutely but while I feel that you learn the most by discussing and juxtaposing opinions, this is not part of the Chinese culture yet.

The “teacher” enjoys a privileged position in China, students respect him/her and are not expected to question his material. When we were at Excaliburcon though, we felt that this also is changing. I had awesome discussions with several attendees and speakers. It was actually one of the goals for which we were there and I think in future editions this will shine through even more.

Q: What do you like when you’re not “doing security”?

That’s a difficult question for me. Between my job, the Eurotrash podcast, some blogging (very low profile right now) and studying all the time I try to be a decent dad and husband. I love to go out for a good meal and some entertainment and play volleyball occassionally. That’s about it.

Q: Tell us a little bit about the Eurotrash podcast.

I got my first taste of podcasting while doing the Brucon podcast, which I did together with @security4all. It was fun interviewing the speakers so I wanted to do more. At Brucon I met @daleapearson, @chrisjohnriley and @craigbalding and we kinda agreed on one thing : While there is some high quality infosec podcasts out there, there wasn’t one that focused on Europe. The reason we believed we needed one is twofold :

We have some pretty amazing talent in the infosec scene that rarely steps into the limelight and the way information security is handled here is very different. It went very quickly from there, Mirko Zorz (@helpnetsecurity) designed our logo, @xme was kind enough to host our content and our guestlists filled up nicely. Until now we did four episodes, including interviews with Didier Stevens and Mokum von Amsterdam (I’m not sure whether I can use his real name …) and a joined episode with the guys from Exotic Liability which was a blast to make. I think in 2010 we might get better at podcasting so people should consider sitting through a few more “average” episodes.

If not for us then maybe for our funny accents?

Q: What area of information security would you say is your strongest?

I see myself as pretty versatile. I focus a lot on Identity and Access Management these days and I have a passion for log management, intrusion detection and security incident and event management. I think I’m pretty good at incident handling and network security too.

Q: What about your weakest?

I sometimes wish i was more of a coder and could be able to find my own vulnerabilities in applications. Because that would make me a rockstar. But I hate coding with a vengeance. I hold my own on application security but I feel I have to spend more time on the subject to really ace it. Compliance is something I try to stay away from as much as possible.

Q: What advice can you give people who want to get into the information security field?

Engage in your local community. ISSA, ISACA, Defcon chapters. There’s plenty of awesome people there. Just talking to them will give you a lot of food for thought. Don’t be afraid to ask questions. Don’t look at cons at the ultimate place to learn. Most learning will happen on your own, fueled by the ideas you get from others. And last but not least, don’t be afraid to get your hands dirty. you have to dig deep to find the awesome stuff.

Q: How can people get hold of you?
Blog: (my blog is pretty dead right now, I hope to find some time in 2010 to blog more)
Phone: +32497597454

Scroll to top