// 02 · Operative profile

About the operator.

file://simone.deyzel/bio.md · v2025.11

TL;DR Cybersecurity consultant, ethical hacker, and forensic investigator with 17 years of enterprise IT experience — spanning governance, operations management, business systems analysis and red teaming.

Over the past year I've rapidly compounded my certifications across ethical hacking, cloud security, and data privacy — and I'm not slowing down. The ISO 27032, Microsoft Cybersecurity Architect, and IAPP CIPT are scheduled in the coming months. The threat landscape changes weekly; staying ahead is a discipline, not an event.

My background is unusual on purpose. Strategic governance and business analysis on one side; deep offensive technical work and red teaming on the other. That blend means I can advise clients on security posture, operational resilience, and regulatory alignment without flipping between three different consultants.

I've delivered across financial services, SaaS and professional services — identifying risks, designing both defensive and offensive strategies, and most importantly making sure cybersecurity initiatives actually align with what the business is trying to do.

The philosophy.

Security work fails when it's bolted on. The technologists don't talk to the auditors; the auditors don't talk to the product team; the product team doesn't know what shadow IT the marketing team is running. My job is to be the connective tissue — fluent in attacker tradecraft, comfortable in a board briefing, and patient enough to map the actual workflows before recommending anything.

I work like an adversary because that's the only honest test. I document like an auditor because that's the only thing that survives a regulator's questions. And I build like a product owner because that's the only way a security programme keeps working after I leave.

Where I sit.

Based in Porto, Portugal — working in English, Afrikaans, and (slowly improving) Portuguese. Comfortable with EU regulatory contexts and equally fluent in Southern African data protection landscapes (POPIA). Most engagements happen remote-first; on-site in European Union and Southern Africa.

Outside the perimeter.

When I'm not in someone else's network with permission, I'm building HAX — a monitoring platform for analysing real-world hacking tools — running CTF practice, and reading more privacy regulation than is medically advised. Caped crusader by night, as the tagline goes.

Simoné Deyzel CEH Master · CHFI · ISC2 CC
// 02.1

Skill signal.

self-assessed · updated 2026.05

// Analytical

Business Requirement Specifications91 / 100
System Architecture Diagrams82 / 100
Workflow Mapping & Optimisation94 / 100
Stakeholder Translation88 / 100

// Cybersecurity

Information Security Governance92 / 100
Digital Forensics83 / 100
Ethical Hacking / Red Team75 / 100
Data Privacy & Protection (GDPR / POPIA)94 / 100
SYS · OPERATIONAL
LOC: PT-PRT
CRYPTO: TLS 1.3 / AES-256
00:00:00Z
SIMONE@HAX · v2.0