Jeroen Hoof is a SANS Certified Instructor Candidate for
SEC504: Hacker Tools, Techniques, and Incident Handling and a Security Operations Specialist at Davinsi Labs, where he specializes in intrusion analysis, SOC operations and detection engineering. With a career spanning law enforcement investigations, SOC operations, and cyber breach response, Jeroen brings a practitioner’s perspective to the course, helping students understand how attackers operate while developing the investigative and operational skills needed to respond effectively. His experience analyzing real intrusions, building KQL-based detections, and leading incident response efforts gives students practical insight into the tools, tactics, and decision-making processes used during modern cyber incidents.
Jeroen’s cybersecurity journey began in law enforcement, where he previously served as an investigator within the Local Computer Crime Unit of the Antwerp police. Working cybercrime investigations gave him firsthand exposure to digital evidence collection, attacker methodology, and the realities of incident handling under pressure. He later transitioned into consulting and enterprise cybersecurity roles, including cybercrime and breach response engagements at PwC Belgium, where he worked on complex investigations, detection engineering initiatives, and security operations. He then transitioned to supporting multiple different companies in various roles related to security operations and incident response. Today, through his work at Davinsi Labs and as an independent consultant, he continues to support organizations facing sophisticated threats while helping teams operationalize threat detection and response capabilities.
Jeroen holds multiple GIAC certifications, including GIAC Cyber Incident Leader (GCIL), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Experienced Incident Handler (GXIH), GIAC Experienced Forensic Analyst (GXFA), and GIAC Security Professional (GSP). His technical expertise spans Windows security, intrusion analysis, detection engineering, and SOC operations, with a strong emphasis on translating offensive tradecraft into actionable defensive strategies. He also contributes to the cybersecurity community through teaching, mentoring, and participation in industry events, including community engagements associated with Black Hat and incident response education initiatives.
In the classroom, Jeroen is known for combining technical depth with practical realism. Students benefit from his ability to connect attacker behavior to investigative methodology, helping them learn not just how compromises occur, but how to detect, contain, and respond to them effectively. His teaching style emphasizes hands-on analysis, operational thinking, and the importance of clear decision-making during high-pressure incidents. By week’s end, learners are better prepared to investigate intrusions, analyze attacker techniques, and communicate findings with confidence. Outside of cybersecurity, Jeroen enjoys strategy and teamwork in all forms, whether that means a Dungeons & Dragons campaign, a CrossFit workout, or exploring new restaurants and drinks with his wife. He is also unapologetically obsessed with his dog, who receives a significant share of his attention and love whenever he is away from keyboards and incident queues.
