Erik Homma’s journey to becoming a Senior IT & Security Consultant at Neo Security hasn't been a straight line. It started early in the Netherlands, with hardware, curiosity, and a refusal to stay at the surface level of how things work.
Having bypassed traditional schooling, he was determined to dive hands-on into the hardware and software that fascinated him. Erik's self-taught journey saw him modify game consoles, program microprocessors, and reverse-engineer the weirdest file formats he could find.
He spent years mastering the craft, a 20-year path of deep, practical learning that traditional education couldn't have offered in the same way.
Today, Erik designs critical systems from a security-minded engineering perspective. He specializes in the deep, complex layers of security, development, infrastructure, and compliance. Often digging much deeper than anyone else. We sat down to discuss his unconventional path, from his "box of hacks" to saving companies from legacy code.
Erik is the atypical and rare engineer with a kind of radar that many attackers seem to have. The instinct to poke at edge cases and undefined behavior until something interesting happens.
Q: You have a very unconventional background: building computers at eight, then leaving high school at a very young age. What has that journey been like?
Erik: "It was quite a journey. By the 90s, I realized school just wasn't for me. I was more curious about what my dad brought home. He always had the latest tech gadgets.
I began building my first computer, a ZX-81, when I was eight, and I taught myself everything. It came naturally. I loved assembling computers and learning about the importance of redundancy. I set up my first Windows NT Domain Controller around '97. I was experimenting with domain architectures from the Windows NT era, and when Windows 2000 arrived with Active Directory, I was among the early adopters setting up full-blown AD environments in our network. It allowed me to dial into my other machines (yes, we had two lines back then).
The 300-baud modem, as well as the other line, got hot often!"
"The Microsoft ecosystem has come a long way. These days, I've been working in complex Azure environments, but it feels like yesterday when I was repairing things for friends and modifying their game consoles, like the PS1, PS2, and Xbox. That’s where I really got interested in hardware. I started programming my first microprocessor chip to bypass security. I was always interested in cracking software protection and reverse engineering. I was chasing buffer overflow exploits back when I barely understood how memory worked. I would reproduce known attacks and try to modify them, which taught me more than any textbook.
Understanding the actual mechanics like stack smashing, frame pointers, and return addresses took serious study over many years. The full journey from experimenting to real expertise was definitely 20 years."
What stands out in Erik's story is how early tinkering with console mods, kernel debuggers, and buffer overflows directly feeds into his work today: securing systems at the point where software, hardware, and infrastructure meet.
Q: You had this deep, self-taught technical skill, but your path towards Neo Security wasn't always straightforward.
Erik: "I faced some employment challenges for a few years, which led me into a government reintegration program. Most placements didn't work out, but my final job coach was connected to someone at Neo Security and saw potential in what I could contribute. That connection changed everything. I got an internship that led to my current role."
"It sounded so simple, but it was technically complex. Severely complex. They really wanted this button in their email client's ribbon that could parse an order into XML and ingest it directly into their ancient order system. Underneath that sat legacy COBOL systems that had been patched and modified for decades, with all the technical debt that comes with that.
So, I built it. Looking back, the integration itself was reasonably straightforward from a modern development perspective. But I spent most of my time tearing the protocol apart and debugging how the system actually behaved in production, working around bugs that previous developers had introduced over years of maintenance and quick fixes. That is where the real complexity came from: understanding 20 years of undocumented changes.
When Benjamin looked into what I accomplished, he was amazed. In fact, he was so impressed with the solution that he offered me an opportunity that same day to stay on after the internship: a full-time position as an IT consultant. I joined without hesitation."
For many engineers, legacy COBOL and ancient order systems are a nightmare. For Erik, they're just another system to reverse-engineer and make reliable again.
Q: You’re now a Senior IT & Security Consultant working on security and infrastructure. How did you become so interested in this specific, deep side of IT?
Erik: "I've always liked to break my own stuff when it doesn't work!" (laughs). "I love to open devices and hardware that aren't supposed to be opened.
Tech itself is not what drives me. It is the passion for understanding it at the deepest possible level, whether that's per protocol or specifications. I'm a specifications guy. I read the protocols for networks and systems; I've even made my own.
When I was younger, I worked with kernel debuggers to crack software, trying to modify it and find unintended or left-behind game-development functionality. That's complicated stuff, working directly with memory or crafting a payload to exploit a buffer overflow. I recall reading up on everything from memory to execution payloads, stack smashing, and frame pointers for months.
I really wanted to understand what was actually going on after I reproduced such an exploit for the first time. While I don't know if that was the first time I smashed the stack on that particular one, I've overwritten that return address more times than I can count. But each time I find some weird pointer to a stack buffer, I find myself falling into a whole new, yet fascinating, rabbit hole. It was this curiosity and passion for reverse engineering, seeing how things really work, that led me to security."
This is the mindset we rely on in incident response and architecture reviews: don't just patch the symptom. Understand the system well enough that you could have built it yourself.
Q: You've described a unique path as a self-taught engineer. What has it been like since that COBOL project?
Erik: "I'm a lucky person. Thinking about it, Neo Security, part of Korper ICT, is a wonderful place because it offers space to individuals with unique journeys.
The culture here is definitely not about where you came from, but about the value you bring to customers and the team. Neo Security hires people who are willing to learn new concepts. They don't look for a degree; they look for loyalty and talent. They look for the people who will solve significant incidents that could have a severe domino effect on mission-critical systems.
It’s about knowing that what matters most is the impact you deliver now. That suits me. Here, I have absolute freedom and the support to grow my technical depth. It is a place that lets you build, not a place that boxes you in."
"This freedom extends to the work itself. You get to work on genuinely complex, intriguing projects that test your skills. We rarely say no to weird projects; we see them as a challenge. That old PLC? We will rebuild a replica and destroy it for science. And for me, personally, it's incredible. My personal friends are non-technical, so for my whole life, I have had a hard time talking about what I do. When I came here, I could finally talk about deep technical stuff with colleagues who get it. It feels like a big family sharing a deep technical interest." If you're curious what that looks like in practice, our OT Security Assessment is a good example of how we apply this mindset in the field.
Q: Speaking of interesting projects, tell us about a favorite or particularly challenging one from your time at Neo.
Erik: "We refer to it as the 'Unspecified' project. We had to help a client comply with new regulations for a large internet sales platform and decommission their legacy integration, which had been a key element in their compliance before a law change. If they didn't comply by the end of the year, the fees would have been significant.
Though the approach was last-minute, we presumed it would take a few days to integrate a connection with the superseded program into their systems. But that turned out to be more difficult."
"I found out firsthand just how slow processes can be within large firms. Sometimes, sign-offs on a desk can be the necessary piece to save a whole company from going under. We saw how difficult it is to work with parties whose standards constantly change. The implementation almost didn't make the deadline. We still had to get access to the proper set of specifications, match these accordingly, and have our requests for system-level access granted. They were on a clock. It was a huge challenge, and we got it done."
Under pressure, Erik falls back on the same approach he used on consoles and weird protocols: read the specs, break the behavior down until it makes sense, then make things work. Even if that means reverse-engineering years of decisions.
Q: We have to ask about "the box." When I just started my internship here, I found this box on your desk with a "Bus Blaster v4" from DangerousPrototypes.com. What on earth is a Bus Blaster?
Erik: "(laughs) That's one of my many, many boxes! It's my collection of hacking, modifying, and reverse-engineering tools. Like a car mechanic has a toolbox, these are my tools for making crazy stuff.
The Bus Blaster is a high-speed JTAG debug and programming tool. It lets you interface directly with the microprocessors on a circuit board, which is precisely what you need for deep hardware analysis or modification. As I said, I like to open devices that aren't supposed to be open. I don't care where the stuff comes from; as long as I can make cool stuff with it, I'm happy."
Q: Okay, so you can make my old laptop work again. What is your favorite hardware tool?
Erik: "Hmmm. The tool I've had the most fun with is the original Proxmark3. That's the tool famously used to crack the public transportation card system here in the Netherlands." (laughs) "It wasn't me, though! For many people, it's simply the ultimate RFID and NFC research tool."
Q: If you had to recommend just one tool for beginners to start with, what would it be?
Erik: "When it comes to recommending tools for people just starting out, I always point to the Arduino. For modern learners, it offers incredible freedom to build almost anything. It's like a technical Swiss Army knife for learning how to connect code to hardware. Whether you're blinking LEDs or building security tools, it removes barriers to entry. I always keep one on my desk for rapid prototyping because it still sparks that same curiosity I had as a kid taking apart hardware."
Want to work with people who break things for the right reasons?
At Neo Security, we're building a team of engineers who think like Erik: curious, hands-on, willing to go deep into protocols, memory layouts, PLCs, and legacy code to keep critical systems safe.
Whether you're dealing with ancient appliances in your OT environment, COBOL systems with no documentation, or modern cloud infrastructure that grew too fast, we can help you understand the real risk. And fix it.