About this site

This personal blog aims to share my passions, mostly IT and geek-related topics. Expect posts about self-hosting, 3D printing, homelabbing, and information security, along with anything else that sparks my curiosity. If you enjoy tinkering with servers, experimenting with new tech, or securing your digital life, you’re in the right place.


Who am I?

I am a cybersecurity engineer for Navya Mobility, a self-driving vehicle company. I worked at Wavestone as a senior cybersecurity consultant for around four years from 2019 to 2024.

I graduated from Ecole Centrale de Lyon in 2019 after a Master's in Computer Science and Engineering at the Pennsylvania State University.

Professional Experience

Deputy CISO – Navya Mobility – 2 years (Current Role)

Navya Mobility is an autonomous vehicle company of around 200 collaborators. The cybersecurity team consists of two collaborators.

  • Implementation of a cybersecurity strategy for the OT (Operational Technology) part of the Information System to address risks and ensure regulatory compliance for autonomous vehicles.
  • Developed and formalized an Information System Security Policy (PSSI) based on ISO 27001.
  • Created and formalized a security integration process for projects (ISP) tailored to the company’s operation processes.
  • Deployment of Wiz CNAPP (Cloud-Native Application Protection Platform) tool on AWS and Azure environments. Laying the groundwork for a SIEM (Security Information and Event Management) system.
  • Integration of AWS IAM Identity Center with Active Directory.
  • Ensuring compliance of autonomous vehicles with UN R155 & R156 regulations (based on ISO 21434) and machinery regulations.
  • Established a crisis management policy and a cybersecurity incident response plan. Formalized priority actions and projects to improve resilience capabilities. Implemented immutable backups using AWS compliance lock.
  • Monitored threats and vulnerabilities on the infrastructure managing autonomous shuttle fleets.

Internal activities – Wavestone Consulting – 4.5 years

  • Participated in Wavestone DevSecOps business offering. Creation of a business offer framework for clients seeking to strengthen the security of their CI/CD and their software development processes.
  • Internal training for junior consultants on the basics of cybersecurity. Training over one week, in which I participated two days per month.
  • Project management and supervision of junior consultants (up to four) on different cybersecurity engagements with clients.

Cybersecurity Architect Société Générale – Wavestone Consulting – 1.5 years

SocGen (Société Générale) is one of the biggest French banks. I worked as a security architect within the RESG/GTS/SEC teams.

  • Project lead within security architecture teams (RESG/GTS/SEC) focused on cybersecurity products. Conducted various studies on the architecture of the bank’s internal security products. Formalized risk analyses, budget studies, and integration studies.
  • Architecture review of CyberArk PAM (Privileged Access Management), bastion hosts, etc.
  • Architecture review and design of the new SIEM (Security Information and Event Management) in AWS.
  • Conducted a study on the architecture of a SIEM system compliant with the PDIS LPM (Military Programming Law). Formalized gap analyses against regulations and budgeted the compliance project.
  • Architecture review and comparison of two vulnerability scanners, Qualys vs. Microsoft Defender for Endpoint (vulnerability capabilities) in a PCI DSS context (network isolation, etc.).

Shadow IT Analysis AXA UK – Wavestone Consulting – 3 months

  • Studied the implementation of systems to reduce "Shadow IT" at AXA XL in order to ensure compliance with SOX regulations. The goal was to create a roadmap to use the existing tool set to detect Shadow IT. For example, we could use the EDR on workstations to detect access to Dropbox and potential data exfiltration.

DevSecOps Analyst HSBC UK – Wavestone Consulting – 1 year

  • Support various HSBC business units to enhance the cybersecurity posture of CI/CD pipelines.
  • Conduct cyber exercises to test innovative approaches for addressing cybersecurity within the group, focusing on topics such as pipeline automation, awareness, vulnerability management, etc.

Cybersecurity Audit for La Française Des Jeux – Wavestone Consulting – 1 week

  • Conducted a cybersecurity audit inspired by ISO 27001 as part of the renewal process for Française des Jeux’s (FDJ) cyber insurance contract.

EBIOS RM French Ministry of Defense (MinArm) – Wavestone Consulting – 6 months

  • Construction of formal EBIOS Risk Manager (EBIOS RM) risk assessments on 5 critical applications.
  • Creation of a repository and framework for tracking software vulnerabilities.

Project Security Integration TotalEnergies – Wavestone Consulting – 1 year

TotalEnergies is the biggest French company in the energy sector. I worked as a cybersecurity project lead within TGITS teams.

  • Conducted around 80 risk analyses within a cybersecurity service-center for "out-of-the-ordinary" projects (RFP, Cloud, On-Premise, etc.) based on technical architecture documents and meetings with technical and business teams.
  • Formalized risk analyses, SOC detection strategies, and action plans to mitigate cybersecurity threats.
  • Example projects: migrating the group’s email addresses to @totalenergies.com, Microsoft Defender for Endpoint and O365 security product integration.

Cyber-resilience Société Générale – Wavestone Consulting – 4 months

  • Developed a project roadmap to enhance resilience in the event of large-scale infrastructure destruction.
  • Collaborated with the Wavestone and SocGen CERTs to create realistic destruction scenarios (e.g., ransomware). Based on these scenarios, we analyzed the impacts and reconstruction steps (Active Directory, backups, DNS, etc.) to advise on resilience objectives.

CISO Assistant Nexity – Wavestone Consulting – 1 year

  • Delivery of a range of activities to support the CISO (Chief Information Security Officer): strategic cybersecurity roadmap, security integration into projects, EBIOS-RM risk analysis…
  • Deployed and technically configured an EDR (Endpoint Detection and Response) solution on workstations. Provided operational monitoring of incidents reported by the tool and managed the associated response processes.
  • Managed incidents on workstations using Microsoft Defender EDR. Created custom detection rules based on current threats to assess potential compromises.
  • Updated the Information System Security Policy (PSSI) based on ISO 27001.
  • Updated the existing security integration process for projects (ISP) tailored to the company’s operation processes.

Research Assistant – Systems and Internet Infrastructure Security Laboratory – Pennsylvania State University – 2 years

  • Conducted cybersecurity research focused on adversarial planning, under the supervision of Dr. Patrick McDaniel. White paper on AI and Adversarial Planning.
  • Developed a Python algorithm to optimize an adversary’s effect on the performance of artificial intelligence planning algorithms.
  • Presented work at conferences and symposiums on cybersecurity, automation, and data protection.