Sébastien - Chef de projet FIREWALL

Expérience professionnelle

EXPERIENCE:
Network and security architect
Project manager

SKILLS SUMMARY
SKILL LEVEL
Enterprise architecture and associated framework (TOGAF certified) Expert
Project management Advanced
Governance, risk management and compliance (GRC). Security standards and norms (ISO 2700X, EBIOS, SSP/PAS, DRP …) Intermediate
Security architectures
(Firewall, Bastions, IDS/IPS, IPSEC solutions, SIEM, Identity and Access Management) Expert
Network architectures – LAN, WAN, Datacenter with associated protocols and tools (IP protocols, MPLS, BGP, QOS, fabric networks …), monitoring architectures. Expert
DAST (Dynamic Application security Testing), Statis Application Testing (SAST), Pathc management Intermediate
System infrastructures (LINUX, windows, private cloud solutions, backup and storage solutions) Intermediate
Finance and cost evaluation Advanced

*Different level of expertise: Novice, Beginner, Intermediate, Advanced, Expert

Freelance – Network and security architect 11/2019-2020


OBJECTIVES:
With the role of network and security architect, I had in charge to define a technical architecture for manufacturing assets connection (Industry 4.0). The perimeter was SAFRAN manufacturing sites (19 worlwide sites). I had to analyze SAFRAN corporate security standards, collect the need (sites audit,assets inventpry, business consultation) and propose according technical scenarios (pros/Cons, costs, maturity, context). I was in front of technical experts and solution providers.

L

SKILLS AREA – SPECIALTIES
IOT/O environnements
Network security infrastructures (Palo Alto firewalls, Cisco Catalyst (9X000 switches/routers). Network segmentation and micro-segmentation.
Business requirements
Technical design
File transfert services solution (“passe-plat” based on fullsync, netapp and windows servers))
Remote maintenance tools (beyond trust)





ACITIVITIES
Legacy analysis (manufacturing assets inventory)
SAFRAN security standards (based on ANSSI preconisations) analysis
Architecture scenarios proposition (workshop, pro and cons, associated cost). Some parts was based in design to cost method.
ARD (DATG) document writing, presentation and delivery
Workshop management






CGI – Security consultant 2017 -2019


OBJECTIVES:
With the role of security consultant, I had in charge many missions around security for CGI bundles: Governance, risk management and compliance. I had in charge Security Policy definitions,( ISO 27001 compliance, GDPR compliance, Data Recovery Plan, security audits follow-up). I was also acting as architect internal development projects.
In addition, I was also acting as security offers responsible: people recruitment and management, commercial offers writing … This activities was led “ part time”: 20% of my working time.



SKILLS AREA – SPECIALTIES
RGPD
ISO27701
EBIOS
GDPR
Static Application Security Testing (SAST, code analysis tools), Dynamic Application Security Testing (DAST, Pentest and vulnerabilities scan)
System security (containers, hypervisors)
Patch management (CVE analysis)
Functional design





ACITIVITIES
Risk Analysis on customers application
Seurity By Design
Support to development project: security architecture definition



2017-2019
CGI - Technical project manager for LABANQUEPOSTALE


OBJECTIVES:
With the role of technical project manager, I had in charge the upgrade of LAN and Security infrastructure in the datacenter (100 equipments replaced). The customer was LABANQUEPOSTALE. I led the overall project, taking under my responsibility the architecture definition, the contractual negotiation, the communication, and the team management. The main challenges were operational and planning constrains. I had to lead changes with more than 20 participants on the more sensible ones. I was managing a team of 4 FTE for the project.



SKILLS AREA – SPECIALTIES
Project management
Security infrastructures (CISCO ASA, FORTINET solutions)
Network infrastructures (CISCO NEXUS)
Monitoring architectures (SPLUNK, NAGIOS,
ITIL environnment





ACITIVITIES
Project road map definition (planning, workload, miles stones)
Interface with business (migrations impact analysis, Move Into Production dates planification communication)
Move Into Poduction preparation (CAB communication and participation)
Migration scenarios definition, technical solutions (proposed by architects) validation
Resources management (4 FTE)



2016-2017
ALTRAN – Security architect for AIRBUS defense and Space


OBJECTIVES:
With the role of security architect, I had In charge to support AIRBUS Defense and Space in the compliance with French security directive “901” related to “Diffusion restreintes” data processing.
We had to analyze the requirements, make an image of the legacy and, based on EBIOS risk analysis, determine the parts of the information systems which have to be enhanced in order to reach the compliance.
I took in charge the definition of security solutions from requirements analysis to Architecture description. I was the relay between project team, experts and the operational responsible.
The main challenge of this mission was the environment of AIRBUS defense and space. They have strong confidentiality and industrial constrains due to the content of their business.



SKILLS AREA – SPECIALTIES
Administration bastion solution (Wallix)
Network segmentation for industrial environments
Authentication infrastructures (Kerberos, Microsoft Active Directory, NTLM V1 and V2) …)





ACITIVITIES
Business Requirements Dossier writing
Architecture Dossier redaction
Editors selection and coordination (wallix, Cyberark)
Architecture scenarios identification and proposition (BESPOKE Vs COTS, budget, pros/cons …)
Risk analysis support




2012-2016
ALTRAN – Network and security architect for AIRBUS GROUP (CORP IT)


OBJECTIVES:
As a network and security architect, I had to define and deliver solutions for AIRBUS (CORP IT team). I was a member of the architect core team. The main challenge was the international configuration of the project. I had in charge the lead of technical design from the requirements to the move into production. The perimeter was a wide network connecting 600 remote sites and based on 5 regional networks. We worked with high level experts helping us on all these subjects (CCIE architects).



SKILLS AREA – SPECIALTIES
MPLS WAN network (VRFs technologies, BGP, QOS)
Network flows analysis based on netflow
Security infrastructures (IPSEC solutions, Internet proxies, Firewalls, SYSLOG, PKI)





ACITIVITIES
Ensure technical coordination of WAN carriers (OBS, NTT, Telefonica)
Workshops organization and participation (architecture committees follow-up)
Architecture needs analysis, architecture documents delivery
Architecture committees
Sensible move into production organization and coordination (detailed action plan definition, impacts analysis, technical experts interface)

2009-2011 - Responsable d'exploitation Agricole
Reprise et Gestion de l'exploitation agricole familiale. Mise à jour de l'outil de production,
conversion à l'Agriculture Biologique. Mise en places de partenariat, redéfinition des modes
de vente.

2005 à 2009 - Chef de projets réseaux et sécurité - SOGETI pour AIRBUS

Lancement des appels d’offre, sélection et négociations contractuelles. Organisation des réunions, coordination, plannings, reporting, communications. Définition et validation de la solution technique. Application de la méthodologie projet GPP d’Airbus.

Intervention en tant qu'architecte sur des projets à dimension internationale ( Chine,
États-Unis, Espagne). Déplacements en France, Allemagne et Chine.
Périmètre technique: Réseaux LAN/WAN, MAN Ethernet, Interconnexions LAN/WAN, Firewalls (CHECKPOINT), VRFs, authentification (RADIUS/LDAP), routage et switching Cisco, VPNs IPSEC, DMZ.

2001 à 2005 - Ingénieur d’études en sécurité informatique – TRANSICIEL pour AIRBUS
Validation du niveau de sécurité de solutions informatiques, proposition technique de solutions sécurité. Gestion de projets sécurité à temps partiel.
Périmètre technique: Firewalls, systèmes d’authentification (LDAP, RADIUS) et sécurité WEB (Siteminder), DMZ.

1999 à 2001 - Ingénieur d’exploitation réseaux et sécurité – CR2A-DI pour AIRBUS
Administration et exploitation d’équipements réseauw et sécurité
Périmètre technique: LAN, PPP, firewalls checkpoint, RADIUS Activcard/RSA, Solaris ;
IPSEC.