-
Sentryo
- Industrial security analyst
2016 - maintenant
For Sentryo, I work as industrial pentester. My job consists in:
- Performing attacks on industrial equipment,
- Generating offensive data,
- Analysing industrial threats for our threat intelligence activity,
- Participating in the design of detection algorithm.
-
TÜV Rheinland i-sec GmbH
- Security Analyst
2015 - 2016
As Security Analyst Consultant for TÜV Rheinland i-sec, I performed offensive security (pentests) for several different customers. I had the opportunity to work on various systems including:
- Web applications (XSS, CSRF, XXE, SQL inj),
- Fat client (hardcoded credentials, sensitive information leakage, buffer overflow, some reverse engineering),
- Information system architecture (pass-the-hash, privilege escalation, information leakage),
- Network (retrieve sentive information, mitm, client-side-attack),
- PLC indus system (buffer overflow),
- Security awareness.
Another part of my activities consists to perform ISO 27001 audits for customers like Airbus in order to assess the security level of the company.
-
EADS / Airbus Group – APSYS
- IT security engineer and project manager
Levallois-Perret
2012 - 2014
Internal group subcontractor for Airbus Final Assembly Line as industrial cyber security focal point on all commercial Airbus aircraft.
Objective: secure all means interconnected to the aircraft in industrial phase.
- Decline and implement security requirements : data loading / troubleshooting / testing / antivirus and firewall policies.
- Analyze security requirements impacts on the industrial context.
- Risk analysis implementation (method similar to ISO 27001).
- Analyze security events and find associated root causes with corrective actions.
- Verification and Validation.
- Define, write and implement technical and organizational procedure to work in secure conditions.
- Coordinate industrial teams.
- Provide stakeholders awareness on IT security risks.
- Project management to follow specific development.
-
Thales Services
- IT Architect and Project manager
Courbevoie
2012 - 2012
- AIRBUS Group: support the Service Delivery Manager with the customer (AEROLIA) projects and the internal teams in charge of technical specification and implementation.
- CNES ESSP: support the customer in the assessment and the improvement of his VMware architecture.
- Thales Alenia Space: support customer IT team as a dedicated infrastructure architect (VMware and network architecture improvement).
-
3IL Rodez
- Missions as a university teacher on IT security and risks
2010 - 2012
During two weeks of vacancies a year, I worked as a teacher for engineer student.
Objective: provide a clear vision of security threats and associated risks for company through ethical hacking labs (buffer overflow creation, detection and exploitation of a vulnerability, implementation of MITM technics...).
-
Bull
- Project manager and consultant in administration, virtualization and security
Les Clayes-sous-Bois
2009 - 2012
From audits to training in VMware virtualization architecture, I worked as a complete technical project manager and as a complete IT architect to deploy and support stakeholders on complex VMware architecture based on SAN and NAS storage.
Some missions:
- STX Europe at St Nazaire: be the project manager and the VMware expert for a total renew of their architecture (technologies used: VMware, EMC² cluster, Blade, Cisco).
- Montauban Hospital: be focal point to follow theirs needs and manage all missions (storage, backup, virtualization, network, training).
- Office National des Payes: deploy a Linux Red Hat cluster (RHCS) to support customer activities.
-
Bull
- Engineer trainee as consultant in administration and security
Les Clayes-sous-Bois
2007 - 2009
As an engineer trainee, i worked mid-time with Bull and mid-time with the engineering school 3IL Rodez.
My tasks:
- Missions as EMC² subcontractor consultant on data storage.
- Hardware maintenance on Bull servers.
- Deployment of Bull servers under Windows and Linux.
-
Exakis
- Engineer trainee in infrastructure and security department
PARIS
2006 - 2007
As an engineer trainee, i worked mid-time with Exakis and mid-time with the engineering school 3IL Rodez.
My tasks:
- For CG42: make a proof of concept of two solutions for schools infrastructures "Microsoft Learning Network Manager" versus "Linux Scribe".
- Internal Exakis: audit the infrastructure (Wifi access, ISA server, file server, backup, authentication...) and provide recommendations in order to improve the infrastructure and mitigate the risk.
-
Montpellier central Police station department
- Trainee in infrastructure and security department
2006 - 2006
- Day to day administration of Windows (2003) and Linux (RedHat, CentOS) server (Active Directory, print, file and Exchange server).
- Deployment of a monitoring solution based on Linux with Nagios.
-
Bersam / SK2H
- Trainee in network and telecommunication department
2005 - 2005
- Installation and configuration of Windows server 2003 and Linux NITIX server as LDAP server, impression server, file server, backup server.
- Routers (professional internet boxes) configuration.