Frans Coomans

Cybersecurity Consultant
(Offensive Security)

Francis Alwyn Coomans

Cybersecurity Consultant (Offensive Security)
OSCP, CPTS, CWES | 25+ Years in IT & Security

Contact

๐ŸŒ https://fcoomans.com
๐Ÿ”— https://www.linkedin.com/in/frans-coomans
โœ‰๏ธ Contact via https://fcoomans.com/contact
๐Ÿ“ Gauteng, South Africa

Professional Summary

Hands-on Cybersecurity Consultant (Offensive Security) with 25+ years in IT, recently transitioning from IT administration to full-time offensive security.
Skilled in penetration testing, red teaming, Active Directory exploitation, and simulated security assessments.
Ranked Top 1% (Pro Hacker) on Hack The Box and Top 1% on HTB Academy, demonstrating practical exploitation and professional reporting of real-world vulnerabilities. Produces actionable pentest-style write-ups and technical lessons learned from complex environments.

Currently seeking local, remote, or international offensive security roles where deep technical skill and practical penetration experience can enhance an organisationโ€™s security posture.

Key Achievements

  • Earned Bachelor of Commerce in Business Informatics (Cum Laude) while working full-time.
  • Ranked Top 1% globally on Hack The Box (โ€œPro Hackerโ€) and HTB Academy.
  • Completed OSCP, CPTS, and CWES through intensive practical labs and exams.
  • Successfully exploited 50+ complex AD, network, and web systems in simulated environments.
  • Transitioned from enterprise IT leadership to full-time offensive security consulting.

Professional Experience

Founder & Offensive Security Consultant | Netrunnerz (Pty) Ltd - Gauteng, South Africa

Jun 2023 โ€“ Present

  • Founded and operate Netrunnerz (Pty) Ltd, an offensive security consultancy.
  • Delivered paid VMware ESXi root-password recovery engagement for an enterprise client.
  • Provide licensing, deployment and support services for GFI LanGuard and GFI KerioControl.
  • Hold Offensive Security Certified Professional (OSCP), HTB Certified Penetration Testing Specialist (CPTS), and Certified Web Exploitation Specialist (CWES) certifications.
  • Executed 50+ simulated penetration tests on Hack The Box platforms with full attack chains (SQLi, XSS, CSRF, SSRF, command injection, Kerberoasting, pivoting, lateral movement).
  • Publish professional client-style penetration test reports for every retired Hack The Box machine completed (executive summary, technical findings with screenshots, PoC code, and high-level remediation guidance).
  • Ranked Pro Hacker (Top 1%) on Hack The Box and Top 1% on HTB Academy.
  • Daily driver tools: Kali Linux, Burp Suite, Metasploit, BloodHound, NetExec, Impacket, SysReptor, Nmap, Rustscan, Nessus.

Group IT Administrator | ACTOM (Pty) Ltd โ€“ Gauteng, South Africa

Leading energy manufacturing and engineering company with 500+ employees across 10+ sites.
Nov 1997 โ€“ Apr 2023

  • Cybersecurity Leadership: Trained 500+ staff; mentored IT technicians.
  • Risk Reduction: Vulnerability assessments (Greenbone/OpenVAS), RBAC enforcement, AD hardening.
  • Network & Systems Security: Managed routers, switches, VLANs, firewalls, VPNs, endpoints across 10+ sites.
  • Systems Administration: AD/GPOs, Microsoft 365, Domino, Linux; automation via PowerShell, Python, Bash.
  • Key Projects: Head Office IT Infrastructure, Server Room Build, Virtualisation (Hyper-V/XenServer), O365 Migration.
  • Compliance: Internal audits and vendor compliance checks (Microsoft, Autodesk).

Finance Clerk | Reumech/Reutech Head Office โ€“ Gauteng, South Africa

Defence manufacturer, part of a holding company, before restructuring.
1997

  • Compiled daily cash flow reports and prepared payment reconciliations.

Education

Bachelor of Commerce in Business Informatics (Cum Laude) | University of South Africa

2018โ€“2021

  • Graduated with 25 distinctions.
  • Coursework: Databases, Networks, Programming, Project Management, Internal Auditing.

Certifications

  • OSCP (Offensive Security, 2025)
  • CPTS (Hack The Box, 2024)
  • CWES (Hack The Box, 2023)
  • CompTIA PenTest+ (2024)
  • CompTIA Security+ (2023)
  • MTCNA (Mikrotik, 2017, Expired, knowledge retained)
  • RHCE (Red Hat, 2007, Expired, knowledge retained)
  • LPIC-1 (LPI, 2007, Expired, knowledge retained)

Technical Skills

Offensive Security & Pentesting:
SQL Injection (SQLi), XSS, CSRF, SSRF, Command Injection, File Upload Bypass, Privilege Escalation, Lateral Movement, Pivoting, Enumeration, Web Fuzzing, Manual/Automated Exploitation, Burp Suite, Metasploit, Nmap, Wireshark, Ligolo-ng, SysReptor.

Cybersecurity & Risk Management:
Vulnerability Assessment, Red Teaming, Endpoint Protection, Patch Management, Compliance Audits (Microsoft, Autodesk).

Systems & Infrastructure:
Active Directory, GPOs, Windows Server, Linux Administration, Microsoft 365, Hyper-V, Citrix XenServer.

Networking & Security:
Routers, Switches, VLANs, Firewalls, VPNs.

Scripting & Automation:
Python, PowerShell, Bash.

References

Available upon request.

View / Download My CV

Note: PDFs may open in your browser or download automatically depending on your settings.