A nonexhaustive list of my past working experiences.
AWS Information System Security Policy (Industry)
Cloud Security Monitoring, Application of the ISSP (Industry)
DevSecOps implementation inside of a CCOE (Insurance)
Django lead developer (Managed SOC Service Provider)
IT Project Management (Industry)
SOC Governance (Industry)
Request For Proposal (Industry)
White Paper (Consulting Firm)
AWS Information System Security Policy
Drafting of a new ISSP dedicated to AWS Cloud environments for a major Industrial Group
Following an executive decision to privilege a Cloud-first approach for releasing new IT applications, a major European Industrial company decided to create a new Information Systems Security Policy dedicated to its Cloud environments, in order to provide a standardized security framework to its IT operational teams.
Cloud Security Monitoring, Application of the ISSP
Implementation of an "Infrastructure as Code" solution conforming to the Group ISSP requirements
Implementation of a centralized Cloud security monitoring solution specific to AWS environments, leveraging AWS SaaS services and Infrastructure as Code capabilities to provide a solution that is easy to set up and update, based on an AWS Elasticsearch cluster configured with adequate visualizations and dashboards.
Definition and implementation of Security Automation in the DevOps processes of an Insurance company.
Within the CCOE (Cloud Center for Operational Excellence) of an International Insurance company, I led the implementation of security procedures and controls applied to the Group AWS environments. This mission had both a technical component, with the development and integration of new services in an Agile environment, and an organizational component, including the training of internal staff in those new processes as well as close collaboration with the DevOps team. During this mission, I leveraged the following technologies and services: Splunk, Terraform, Jenkins, Packer, CyberArk Conjur, AWS Config, Lambda, API Gateway, SNS, SQS, and ServiceNow.
Development of a client web platform for service overview and push notifications
In order to comply with French regulators and be allowed to provide its services to Essential National Operators (water, electricity, telecommunications…) and to companies operating in strategic or sensitive areas (banks, sensitive industries…), a Security Operations Center Managed Security Service Provider (SOC MSSP) had to develop a web platform providing its clients with a real-time overview of the service.
The platform capabilities included the visualization of the current Events Per Second and Flow Packet Capture rates and the evolution of their average over a period of time, the tracking of security tickets, the retrieval of weekly and monthly reports, as well as the sending of direct notifications by SMS and/or email in case of a Major Incident.
Participation in the definition of a million-euro project aiming to raise the overall information security level of a major Industrial Company
Led the definition of a three-year project aimed at increasing the overall information security level of an International Industrial Corporation.
This project had three different components; two of them were related to user identity federation across the Group as well as Identity and Access Management, while my part was linked to an enlargement of the scope of logs collected for the Group SOC service. I had to organize workshops with the different application owners across the organization to confirm the exact perimeter of each of those applications (not always up to date in the Group CMDB), with the number of machines, their installed operating systems, middleware, and software.
Management of several smaller projects for the SOC and CSIRT services of a major Industrial company.
Governance and Project Management of an externalized SOC service from the client side. This mission included the review of collected logs, the integration of new sources (MDM, EDR, CASB, AWS, Azure, IPAM, CyberArk) with the definition of the associated detection rules and use cases, as well as the enhancement of correlation rules already implemented in the QRadar SIEM engine.
Drafting of a Request For Proposal to renew the Security Monitoring Solution of a major Industrial Group
The Security Monitoring Solution of a Global Industrial Company was close to End of Life and needed to be renewed. The context was a bit particular, as the company was at a turning point in its history: it was both separating from its parent company and merging with a competitor in its core business.
Preparation of workshops with the company's IT and Security executives to take all of their requirements and constraints into account, and establishment of a strategic partnership with a suitable technical provider to promote a solution.
Based on the lessons learned from my experience in this field, drafting of a White Paper, "How to measure the efficiency of a SOC service?", in collaboration with other cybersecurity consultants.