My skills:
ISO 27005
PCI DSS
ISO 27001
CISSP
CISM
QSA
Information security
Information systems security (SSI)
Banking
Risk management.
Companies
Verizon Business
- IS Security consultant - QSA auditor
Puteaux, 2010 - present
- For a French company involved in online and scratch games, I conducted an audit to optimize payment transaction costs.
- The main challenges were:
- the specific business of my client
- understanding their cost breakdown
- taking into account local regulations such as:
- ARJEL (Autorité de régulation des jeux en ligne)
- PCI DSS (Payment Card Industry Data Security Standard)
- Interview with technical and non-technical employees (administrative and financial manager, CIO, marketing, ...)
- For a financial organisation, I conducted a PCI DSS gap analysis
- scope definition with the client
- scope reduction proposal
- interview with employees to evaluate the compliance level of systems in the scope
- For a financial organisation, I wrote a PCI DSS practical guide to help their subsidiaries in the drawing up of their remediation plan
- For a financial organisation, I helped the headquarters manage their subsidiaries on the road to PCI DSS conformity
Responsibilities:
- Lead meetings and support subsidiaries on information security subject matters
- Validation of :
- PCI DSS scope definition
- PCI DSS gap analysis
- Remediation plan
- ISO/IEC 27001 Lead Implementer
Quaelys
- IS security consultant
Paris, 2008 - 2010
- CISSP certified
- Conducted intrusive security audits
- Conducted IS security audits (adaptation of ISO/IEC 2700x)
- Security equipment testing and qualification
- Network and security consultancy for CISO or CIO
- Business and IT management support
- Designed innovative centralized payment solution
- Solution testing and validation (trained on the BreakingPoint system)
Afone
- Network security engineer
Angers, 2005 - 2008
- Designed and implemented a multi-site high-availability mail/anti-spam solution with load-sharing (Foundry, SAN/NAS EMC)
- Designed and implemented an open-source PKI used to protect payment transactions (X.509 certificates, double authentication)
- Involved in the creation of a new network operator (multi-site) :
- Designed and implemented an IP/MPLS backbone (Redback, CISCO, FOUNDRY, BINTEC)
- Designed and implemented the network security policy (Fortinet certified)
- Designed and implemented transit connections with two transit operators (CISCO, BGP, RIP, OSPF, HSRP)
- Designed and implemented xDSL collect with two operators (LNS/LAC Redback, FreeRadius)
- Conducted the agreement of the Afone payment solution with the GIE CB (approved on 08/22/2007)
- Designed and implemented the MVNO platform (3 clusters Vmware, 2 sites, Storage EMC)
- Delivering network training courses for technical staff.
- Payment protocols: X25, XTT, XoT
- CERTIFICATIONS : FORTINET, VMWARE VI3
Intranode
- Network security engineer
2003 - 2003
• Design and configuration of infrastructure to validate the vulnerability scanner (2000 virtual workstations (VMware))
• Intranode appliances security design (encrypted file system, ...).
• Network administration : Web server (IIS, Apache)
• Unix environment (Linux, OpenBSD, FreeBSD), Windows 9x/NT/200x/XP
• System script development (C/C++, Perl, Python, Ruby)
• Security: firewall, IDS, pen testing, fingerprinting, honey pots
• Cryptography: Symmetric-key, Public-key cryptography
• Router CISCO
• Secret Defense clearance