Marco Luyckx — Freelance Cybersecurity Engineer

marco@security:~$

Freelance Cybersecurity Engineer · DevSecOps Engineer

Booked until Q3 2026

marco@security:~$

I help development teams ship secure software, not by gatekeeping releases, but by embedding security into every stage of the development lifecycle.

→ Shift-Left Security:  Integrate security from design to deployment, not as a last-minute gate

→ Pipeline Automation:  Integrate SAST, DAST & SCA into CI/CD pipelines for continuous, automated testing

→ Developer Enablement:  Train developers to write secure code, not just find their vulnerabilities

marco@security:~$
Get in touch

About Me

# ─────────────────────────────────────────
marco@security:~$ cat ~/about.txt

Cybersecurity engineer based in Brussels, driven by the challenge of making software secure by design. When I'm not breaking things to make them stronger, I'm exploring CTF challenges, tinkering with automation, or diving into the latest security research.

Brussels, Belgium

French (Native) · English (C1)

Experience

# ─────────────────────────────────────────
marco@security:~$ history | grep "career"

Cyber Security Engineer @ [UNDISCLOSED] · Part-time

Nov 2025 - present

Due to the sensitive nature of this role, details cannot be shared publicly. Happy to discuss responsibilities and achievements during a live conversation.

Cyber Security Engineer @ NEVERHACK · Full-time

Sep 2024 - present · Brussels, Belgium · Hybrid

Technical Contributions

Code review of web applications and integration of SAST/DAST tools into CI/CD pipelines

Deployed a self-hosted collaboration platform (11+ services) using IaC/CaC with multi-tier network segmentation

Designed an ISMS and security policies aligned with ISO 27001

Developed secure web applications with a security-by-design approach

Penetration tested web applications, delivered reports and coordinated remediation

Reviewed cybersecurity educational content for military training programs

Business Contributions

Pre-sales support including demos and licensing of cybersecurity and DevSecOps technologies

Delivered technical presentations and workshops to technical and non-technical audiences

Internship Trainee @ Micropole BeLux · Internship

Aug 2023 - Oct 2023 · Belgium · Hybrid

Offensive testing of infrastructure using Vagrant, Ansible, Docker, Terraform

Automated client-specific password policies through IaC/CaC

Delivered cybersecurity awareness sessions to improve security posture

Skills

# ─────────────────────────────────────────
marco@security:~$ neofetch

marco@security

──────────────────────────────
OS: DevSecOps Engineer
Kernel: Secure SDLC
Shell: Python, JavaScript (TypeScript), Bash, C
Packages: SAST, DAST, IAST, SCA, IaC scanning
Uptime: 2+ years in cybersecurity
Resolution: Shift left, automate, educate, teach
marco@security:~$ cat /proc/skills

Security Testing

Penetration Testing4.5/5
SAST / DAST5/5
Code Review5/5
Threat Modeling4/5
Web App Security4.5/5
API Security4/5

DevSecOps & Automation

CI/CD Security5/5
Docker4/5
Ansible4/5
Terraform4/5
GitHub Actions4.5/5
Kubernetes3/5

Programming

Python5/5
JavaScript4/5
Bash4/5
TypeScript4/5

Governance & Standards

ISO 270014/5
OWASP5/5
ISMS Design4/5
NIST4/5
Risk Assessment4/5

Projects

# ─────────────────────────────────────────
marco@security:~$ ls ~/projects/ --group-directories-first

Intrusion Detection System with ML

Grade: 20/20 · UNamur

Classifies network hosts from DNS traffic as human or bot using machine learning algorithms (logistic regression, decision trees, random forests, neural networks).

Network SecurityMachine LearningPython

Tar Extractor Fuzzer

Grade: 20/20 · UCLouvain

Automatically generates malformed inputs to find crashes and vulnerabilities in a tar extractor. Uses generation-based fuzzing with targeted header manipulation.

FuzzingSecurity TestingC

Network Attacks & Defenses

Grade: 19/20 · UCLouvain

Demonstrates network attacks (port scanning, DDoS, ARP poisoning) and their firewall-based defenses on an emulated network topology using Mininet.

Network SecurityPythonMininet

Rainbow Table Password Cracker

Grade: 16/20 · HELB

Generates rainbow tables and cracks SHA256 password hashes. Supports table generation, hash attacks, or both in sequence.

CryptographyPassword CrackingC++

NoHackGenda – Secure Agenda

Grade: 15/20 · 2nd best grade in class · HELB

Security-focused online agenda application with emphasis on data protection, secure design, and containerized deployment.

Secure DevelopmentTypeScriptDocker

Digit Recognition Web App

Grade: 18/20 · ULB

Web application that recognizes handwritten digits using supervised machine learning classification. Built for Printemps des Sciences 2022.

Machine LearningJavaScriptWeb Development

AutoChef – Recipe & Meal Planner

Grade: 17.5/20 · ULB

Desktop and web application for managing recipes, planning meals, generating shopping lists, and finding nearby stores.

JavaSoftware EngineeringSQLite

L-Type – Multiplayer Shoot 'em Up

Grade: 17.5/20 · ULB

Vertical scrolling multiplayer arcade game with configurable difficulty, weapon upgrades, and co-op gameplay.

C++Game DevelopmentCMake

USB Arsenal

Bash Bunny & Rubber Ducky payload collection for authorized red team engagements. Multi-platform credential extraction, keystroke capture, network reconnaissance, and data exfiltration with standardized OPSEC guidelines.

Red TeamingOffensive SecurityDuckyScriptBash

Flipper WiFi Cracker

Automated WPA/WPA2 cracking pipeline for Flipper Zero captures. Syncs pcap files, converts to hashcat format, deduplicates networks, filters ISP routers, and tracks results in a unified database.

WiFi SecurityPythonHashcat

SiteGuard

Chrome extension prototype for real-time website risk assessment. Rule-based phishing and scam detection with 15+ heuristic rules, brand impersonation checks, and optional AI-powered analysis.

Phishing DetectionTypeScriptChrome MV3AI Analysis

PosturePilot

Security posture management SaaS with AI-powered remediation recommendations. Multi-tenant architecture with RBAC, SOC2/ISO compliance mapping, and deterministic risk scoring.

CompliancePythonFastAPIAI Recommendations

IR Mission Control

Facilitator-led incident response training platform. Real-time collaborative simulation with role-based gameplay, deterministic scenario engine, ops budget constraints, and AI-powered rubric grading.

Incident ResponseTypeScriptConvexAI Grading

Oralys

AI-powered oral examination platform for universities. Voice-based assessments with real-time Whisper transcription, LLM-powered rubric scoring, and instructor override workflows.

AI ScoringSpeech-to-TextTypeScriptConvex

ChapterMind

Learning platform that transforms EPUB books into AI-generated summaries, flashcards, and interactive mindmaps. Features robust chapter detection, spaced repetition scheduling, and XXE/compression bomb prevention.

AI GenerationTypeScriptNext.jsSecurity Hardening

StoryBuddy

AI bedtime story generator with voice cloning. Personalized stories using GPT-4, custom narration via ElevenLabs, gamification system with achievements and streaks, and family account management.

AI GenerationVoice SynthesisTypeScriptConvex

Packxr

Smart packing assistant with weather-aware list generation. Interactive checklists, destination insights, AI chat recommendations, and PDF export. Web (Next.js) and mobile (Expo) apps.

Web + MobileAI RecommendationsTypeScriptExpo

Mxmories

Privacy-first iOS app that clusters camera roll photos into meaningful memories. On-device processing with Core Data, location-based titles, and daily “On This Day” ritual notifications.

iOS DevelopmentSwiftCore Data

Whispering

Android voice transcription app using Groq Whisper. One-tap recording, smart AI formatting, local note storage, and auto-clipboard copy. Multiple themes and language support.

Mobile DevelopmentSpeech-to-TextTypeScriptExpo

Guess the Elf

Christmas family guessing game where players identify family members from caricature drawings. Quiz mode with scoring, confetti animations, and gallery. Runs locally on home network.

Game DevelopmentTypeScriptReactFramer Motion

CTFs

# ─────────────────────────────────────────
marco@security:~$ cat /var/log/ctf-scoreboard.log
TryHackMe Top 2% Elite
PicoCTF Gym Score: 26,545 205 challenges
Root Me 1,645 points 109 challenges

Certifications & Community

# ─────────────────────────────────────────
marco@security:~$ cat ~/certifications/credentials.yml

# Licenses & Certifications

CC – Certified in Cybersecurity

Entry-level certification validating foundational knowledge in cybersecurity principles, including risk management, access controls, and incident response.

Issued by ISC2 · Apr 2024 · Expires Apr 2027

Verified

# Honors & Awards

Finalist – Cyber Security Challenge Belgium 2024

National cybersecurity competition (CSCBE). Top 15 out of 500+ teams across Belgium.

Issued by Cyber Security Challenge Belgium (Mar 2024)

Finalist

Finalist – Cyber Security Challenge Belgium 2023

National cybersecurity competition (CSCBE). Top 35 out of 300+ teams across Belgium.

Issued by Cyber Security Challenge Belgium (Mar 2023)

Finalist

# Conferences

FOSDEMBrussels, Belgium · 2020, 2023, 2024, 2025, 2026
Pass the SALTLille, France · 2025
Cybersec EuropeBrussels, Belgium · 2025, 2026

Education

# ─────────────────────────────────────────
marco@security:~$ cat ~/education/background.md

Master of Science – Cybersecurity

Université libre de Bruxelles (ULB) (Sep 2022 - Jun 2024)

Focus on System Design, Analysis and Forensics · Magna cum laude

Thesis: “Developing an Adaptive Cyber-Range Tailored to User Skill Requirements Through Dynamic Scenario Generation”

Activities: Social engineering, Practical case studies, IT governance

Organized jointly by the Royal Military Academy, ULB, UCL, UNamur, ESI and HELB

Bachelor’s Degree – Computer Science

Université libre de Bruxelles (ULB) (Sep 2019 - Jun 2022)

Focus on Software Engineering, System Architecture and Algorithmics · Cum laude

Activities: Digital Electronics, System Administration, Astrophysics

Testimonials

# ─────────────────────────────────────────
marco@security:~$ gh pr view --comments
Ayoub Bouhnine Verified Colleague
Marco brings deep technical expertise and clear communication in equal measure. Whether breaking down a forensic artifact or walking the team through an attack chain, he makes sure everyone stays aligned. What stands out most is his discipline: once he commits to a problem, he does not let go until it's fully resolved. No shortcuts, no loose ends. The kind of teammate you want beside you when it matters most.

Digital Forensics & Incident Response — Proximus Ada

Personal Interests

# ─────────────────────────────────────────
marco@security:~$ cat ~/hobbies.yml

Escape games

OSINT & HUMINT

Passion for technology

Flipper Zero · Raspberry Pi · Rubber Ducky

Sports

Gymnastics / Swimming

Reading

Sci-fi – technology & dystopian futures:

1984George Orwell

Brave New WorldAldous Huxley

NeuromancerWilliam Gibson

Fahrenheit 451Ray Bradbury

Snow CrashNeal Stephenson

Contact

# ─────────────────────────────────────────
marco@security:~$ connect --list-methods
Email: contact@luyckx.dev
LinkedIn: linkedin.com/in/marco-luyckx
GitHub: github.com/maluyckx
marco@security:~$ echo ""
Get in touch