Percy Rotteveel
Scan contact card
Senior Application Security Consultant
“The only way to do great work, is to love what you do.” — Steve Jobs
My roots and passion lie within the Application Security (AppSec) Industry, and in this phase of my career, I have decided to return to what I do best and enjoy the most.
Hire an internationally accomplished, hands-on Senior AppSec Consultant and receive 25+ years of overall Cyber Security experience.
Certifications
Socialization
Skills
- Security Policy
- Security Requirements
- Vulnerability Management
- Compliance Validation
- Architecture Review
- Integration
- Education
- Threat Modeling
- Manual Code Review
- SAST
- SCA
- DAST
- IAST
- RASP
- Atlassian
- Jenkins
- Bamboo
- Bitbucket
- GitHub
- GitLab
- MediaWiki
- c
- c++
- Java
- PHP
- Python
- git
- subversion
- linux
- bash
- javascript
- typescript
- c#
- Microsoft SQL Server
- Oracle
- MySQL
- IP Networking
- DNS
- Firewalls
- SaaS/PaaS/IaaS
International Medical Device Supplier
HIPAA being the business driver, Application Security (AppSec) had to be build into the existing DevOps of an acquired company.
International Software Company
The existing Application Security (AppSec) Program was too disjointed, which resulted in an unclear picture of the security posture of the application portfolio. Plus, the program was too expensive.
Dallas Bishoff
MANUS 360 leveraged Percy's highly competent knowledge, skills, and ability to benefit a healthcare client. The organization needed assistance in accounting for information security requirements. Percy was instrumental in assessing the state of the organization but also contributed to a strategy to implement an application security program. We look forward to working with Percy on other engagements in the future.
Habibeh Deyhim
Strong work ethic, highly skilled, dedicated, deep technical expertise, team work is something that comes to my mind when I think about Percy! He is extremely supportive of the team, makes sure everyone is equipped to get the job done. He leads by example making sure the projects are delivered on time and to the best quality. He is an all round great guy to work with. I highly recommend Percy to anyone who has a potential opportunity to work with!
Include Security, LLC
Percy has helped us tremendously this past year. He implement a range of processes and procedures around our workflows including Tech PM project dashboard, Consultant interest & skills tracking application, he also improved individual performance, cohesion and collaboration within our Tech PM team. I'd like to thank Percy for the strategic leadership he brought to the company, his high level of integrity and his good sense of empathy. I consider him a good friend and wish him all the best in his future endeavors.
Wait! There's more..
See all Testimonials
Experience
Senior Application Security Consultant
- Develop, implement, and administer application security (AppSec) programs and infrastructures.
- Recruit and mentor AppSec engineers with effective coaching and training techniques .
- Liaise with a cross-functional organization to integrate security into the product lifecycle from design through deployment.
- Identify application security requirements, conduct application security assessments, and present developers with remediation guidance and advice.
- Carry out code analysis and utilize both static and dynamic application security testing (SAST/DAST/SCA/IAST/RASP) solutions while conducting manual vulnerability analysis.
- Facilitate, prioritize, and validate the urgency of mitigation of product vulnerabilities and security feature enhancement requests by operating closely with product development/marketing teams.
- Transcribe policies, procedures, and protocols to incorporate AppSec into the software development life cycle (SDLC, DevOps, Agile, Waterfall, etc.).
Global Director AppSec Solutions
- Set forth global AppSec sales strategies and shared impactful knowledge and experience.
- Assisted customers in establishing, implementing, and maturing their AppSec Program while executing with Fortify sales and pre-sales specialists across the world in key Fortify accounts.
- Designed a scalable framework that assists cross-organizational teams to drive value for all the Fortify customers through optimal use of Fortify in the AppSec Program.
VP Security Consulting
- Played a significant part in identifying and applying some of the best security assessment talent to benefit clients worldwide.
- Enabled the company to grow and scale successfully and implemented a variety of operational improvements through robust strategy and planning.
- Implemented and optimized processes and procedures to identify, track and improve AppSec talent, including dashboards.
- Optimized performance, cohesion, and collaboration within the IncludeSec teams to the highest level to ensure and enhance staff execution, delivering excellence to business clients.
Global Head CS for RASP
- Headed a firm that provides Real-time Application Security Protection through an attack detection technique known as LANGSEC, ensuring alignment of detection to the evolving threat landscape.
- Designed effective strategies to ensure product capabilities aligned with -and created- customer success framework to drive key decision-making, resource planning, and improve customer results.
- Built a scalable customer success organization that delivered real results, to include demonstrative ROI through successful deployment, adoption, integration, and utilization of Imperva RASP solutions.
- Identified requirements and strategy to ensure that customer feedback was effectively translated into product features to address the threat landscape, as well as business, customer, and associated needs.
VP Global Security Services and Support
- Spearheaded the development and structuring of an effective and efficient Global Security Services and Support (GSS) organization comprising Technical Support, Customer Success, Professional Services, Customer Education, Sales Engineering, and Solution Architects.
- Created the strategy to establish a security product portfolio, including installation, adoption, and expansion of the portfolio management.
- Optimized and streamlined customer feedback processes, and improved alignment and collaboration with R&D and marketing which resulted a $15M revenue increase.
- Improved quality, effectiveness, and efficiency of customer support and ensured positive customer experiences consistently.
- Enhanced cross-functional collaboration within GSS that resulted in increasing year-over-year growth for professional services and customer satisfaction for technical support by 100% and intensifying product renewal rate from 70% to 85% for customer success.
- Slashed attrition rate from 25% to 10% and augmented average consultant utilization rate from 65% to 85%.
Chief Security Services Strategist
- Designing and leading the implementation of enterprise-wide Software Security Programs, increasing software security posture.
- Building and driving Software Security Programs to introduce or increase security automation in the SDLC.
- Designing and building the Software Security Center of Excellence to provide coaching and training for the software development organization.
- Assisting customers to prioritize software security efforts, based on the information from their Customer Relation Management and their Customer Support systems.
- Collaborating with Sales on account strategies.
- Engaging with the broader technical community to define and develop best practices and incorporating them into the Services delivery methodology. Leading the testing, evaluation, and deployment of new products and releases. Collaborating with the Product Management and Engineering teams to optimize the product roadmap.
Director Software Security Solutions
- Enabling HP Fortify Professional Services to deliver Fortify software security solutions.
- Packaging of software security solutions to extend the portfolio for the Fortify Sales Force and to increase the delivery capabilities of Professional Services. Cross-organization collaboration enabling professional services to effectively and efficiently alleviate any product-related challenges the internal organization and customers may face.
- Responsible for the development of senior consultants.
- Providing oversight and management of issues and initiatives to ensure consistently positive customer experiences.
Practice Principal
Managing Consultant
Senior Software Security Consultant
Technical Architect
Senior Solution Architect
Founder and CEO
Senior Solution Architect
Systems Analyst
Software Engineer
Software Engineer
Education
InHolland - University of Applied Sciences
Dual Major:
- Computer Science
- Electrical Engineering
AI Should Augment Human Judgment — Or It Will Erase It
If AI keeps getting better at prediction, our biggest risk isn’t hallucinations — it’s sameness. And sycophancy.
In my previous post, I shared how I addressed drift, hallucinations, and context limits when working with AI. Those problems are real, but they’re solvable — and the models are improving.
The harder problem is this: AI is built on everything humans have already done. It can remix the past, but it cannot originate. It will confidently agree with your worst ideas. And it has no stake in whether you succeed or fail.
How I Finally Stopped AI From Going Off the Rails
I’ve been using AI since ChatGPT launched. For quick questions, any model works fine. But when I tried using it for bigger projects — building training programs, complex software, multi-week deliverables — I kept hitting the same three walls:
- Drift: The AI slowly forgot what I was trying to accomplish and wandered off into unrelated directions.
- Hallucination: It made up facts that sounded plausible but were completely wrong.
- Context limits: When conversations got too long, I had to start over and lost all progress.
I got frustrated. Really frustrated. So I did something different.
Too Many Meetings? How AI Can Help You Take Control
A friend recently came to me with a common frustration: “The organization has way too many meetings.” If this sounds familiar, you’re not alone. Many professionals find themselves drowning in back-to-back meetings, struggling to keep track of action items, and feeling like their actual work is getting sidelined.
Meetings are essential for collaboration, but they become a problem when they lack structure, clear takeaways, or efficient follow-ups. Simply reducing the number of meetings isn’t always the answer — what’s needed is a smarter way to manage and track them. That’s where AI comes in — not to replace your judgment, but to augment it.
Shifting Left with a Twist: Leveraging AI to Create Security Unit Tests
In the ever-evolving landscape of Application Security (AppSec), the term “shift left” has become somewhat of a mantra. This concept implies that the onus of writing secure code is progressively shifting towards software engineers. Consequently, a myriad of AppSec tools are being integrated into the engineers’ build processes, subtly altering the way they construct their code.
But what if we could take a slightly divergent approach to this “shift left” movement? What if we could mitigate its impact on the daily lives of software engineers?
The price of SAST as an afterthought
Your number one priority in building a new application? Getting it into the hands of potential customers as fast as possible. Understood, but what are the risks of this practice? Your Application Security (AppSec) is an afterthought, and the risk exposure of your company is unknown. Now, I am not here to judge this approach, but rather applaud you to want to address the issue. This article provides you with a method to determine how much time (=$$) is needed to address potential vulnerabilities in your application.
Wait! There's more..
See all Blogs