‘Ex-cybercop’, he calls himself on Twitter – a nod to his career in the gendarmerie, police and Federal Computer Crime Unit that spanned many years. Today, Tim Cools is a cybersecurity consultant and practice manager in the Ordina Security & Privacy team. In addition, he also informs people about cybersecurity in the media, gives talks at events, and teaches young people about cyberbullying. Meet Tim Cools, a true cybersecurity warrior.
Tim Cools was born to be a gendarme. ‘My grandfather, my father, my uncles; they were all proud gendarmes. As a child, I really looked up to them. It seemed like a great job to me,’ Tim Cools opens. He followed the family tradition and at eighteen, he left for the gendarmerie barracks in Brussels. He became a non-commissioned officer and patrolled the streets of Brussels. ‘Exciting times. I loved the dynamics and multicultural aspect and learnt a lot about people. But after a few years, the commute to Brussels and night shifts became too much. I requested a transfer to the gendarmerie team in Kontich, closer to home.’
Joined the Federal Computer Crime Unit
Tim spent the extra time he gained pursuing a hobby that had taken over his life: he took an ICT degree at the Open Universiteit. ‘In secondary school, I’d studied accounting-ICT and this has been an interest of mine ever since. I had no intention whatsoever of leaving the gendarmerie, but the course was a welcome challenge. Especially when the gendarmerie merged with the municipal police in 2002 and I ended up having fewer responsibilities.’ Out of the blue, the course opened the door to a dream job. Tim passed the detective’s exam to join the Federal Computer Crime Unit (CCU), where he was given the opportunity to combine his love of IT and police work.
As a detective with the Federal Computer Crime Unit (CCU), Tim got the opportunity to combine his love of IT and police work.
Rounded up a phishing gang
‘It was an amazing time in my life. Thanks to intensive internal training in forensic analyses and detective’s training, I was given more and more responsibilities. There wasn’t any real cybercrime yet back then, but we did deal with a wide range of computer crime, from fraud and child abuse to drug crimes and murder.’
In 2012, Tim’s team found itself investigating a large-scale phishing campaign that affected more than 3,000 people. ‘We pressed the Federal Public Prosecutor’s Office to look for the criminal organization after the fact. And that’s how I became a member of the Joint Investigation Team that was able to dismantle the gang. It was a milestone that made all the headlines. It still fills me with pride today.’
Uncovering terror networks
Tim’s efforts were rewarded: when terrorism reared its ugly head in Europe, he was given the opportunity to set up the cybercrime unit. The team trawled the internet for signs of terrorism, radicalism and human trafficking. A few months after the unit was created, Belgium was hit by terror attacks in Brussels. ‘We worked around the clock to support other detectives, with great results,’ says Tim. ‘By the end of that year, our team had grown from 2 to 21 people. But when the terror threat subsided, our team’s resources also dwindled. Our work became increasingly administrative. Time for a career change.’
From reactive to proactive
On the advice of a friend, Tim applied for a position of cybersecurity expert at Ordina. ‘Reluctantly,’ he admits, ‘because I wasn’t sure whether a job in the private sector would suit me. But the first interviews went really well, I quickly felt at home and was immediately entrusted to work at a client’s site. My first assignment was a security analysis of MS Office 365 for a large fintech company. Completely different from what I was used to. For years, I had been looking for fraudsters and criminals reactively. Now, I actually had to stop them from committing crimes in the first place.’
For years, I had been looking for fraudsters and criminals reactively. Now, I actually had to stop them from committing crimes in the first place.
Vulnerability management and incident response
People were impressed with Tim’s approach. After a month, he was tasked with vulnerability management at another big client’s site. He explains: ‘While the company did scan its servers and laptops for vulnerabilities, they didn’t have the expertise internally to carry out the monitoring and remediation in a structured way. I immersed myself in risk-based vulnerability management and put theory in practice. With the help of colleagues, both our own and those at the client’s site, we achieved great results: after 18 months, there was a 70% decrease in the number of vulnerabilities. This is an ongoing assignment.’ In addition, Tim also set up an incident response team, which he leads. They monitor all tools, provide support, search for attacks and jump into action as soon as an incident occurs.
70% decrease in the number of vulnerabilities, thanks to our approach
Expertise, continuous learning and autonomy
Meanwhile, Tim combines these duties with the role of practice manager for the business unit. ‘One of many unexpected twists and turns in my career,’ he laughs. ‘I never saw myself in a managerial role but now, I manage the cyberdetection & response services team: Amazing people who really pull out all the stops when needed. To give you an example, when I recently needed five people to work on a Saturday morning for an intervention, it didn’t even take 10 minutes to get enough volunteers.’
Is it the people who make the business unit great? ‘We have several strengths, both those that benefit our clients and our employees. Thanks to our high-performance teams, which consist of experts from different units, we can turn our hand to anything. We are encouraged to keep on learning. In our business unit, for instance, people have to obtain one new certificate every year. And, thanks to the flat hierarchy, everyone has a lot of autonomy. That’s motivating. I can honestly say that I haven’t regretted making the move to the private sector for a second,’ Tim concludes.
Our team pulls out all the stops when needed and we are continuously learning.