Michel - Assistant à maîtrise d'ouvrage MS PROJECT

EXPERIENCES AS A FREELANCE

GRC & CYBERSECURITY CONSULTANT (current)
GROUPAMA Insurance Group
- Intervene as a GRC expert across IT applications projects, business units and operations, turning
business and cyber risks into security and compliance requirements (ISO27000, NIS, PCI-DSS, RGPD)
- Engineering of GRC process for ServiceNow

GRC & CYBER RESILIENCE CONSULTANT
Confidential cie (Cyber Resilience and GRC Management platform)
- Specify, co-design the platform dedicated to the continuous improvement of compliance with strategic
objectives and operational constraints (including regulatory constraints), based on advanced real-time
diagnostic functions, dashboard (KPI/KRI) and actions monitoring
- Supervise the security of applications (Shift Left (Security-by-Design, TDD, DevSecOps...))

CYBERSECURITY TRAINER
EPSI, DAWAN (courses in French and English) 2016 - today
- Courses content: SMSI deployment and audit, Continuous security improvement, Risk management, Standards and certification (NIST, ISO27000, EN 303 645, CyberSecurity Act, ISO31000, GDPR...), Risk Mngt, Attack surfaces and vulnerabilities reduction, Application security, Network security, Cloud security, IoT security, DevSecOps, Penetration Testing, IDS/IPS, Identity & Access Management, Authentication Methods, Encryption, Incident Management, Security and Compliance Audits...

PROJECT MANAGEMENT TRAINER 2016 - today
Air Force, ORSYS, CEGOS, SPARKS…
- Project Portfolio Management and Optimization
- Project Methodologies and frameworks (PMP, SDLC, Kanban, Agile, DevOps...)
- Management of complex projects (technical, geographical, political complexity, etc.)
- Management of different types of projects (transformation, migration, R&D...)

CYBERSECURITY CONSULTANT
NICE 2021
- Evaluate Cybersecurity Cymulates' platform for Penetration Testing and simulation of cyber-attacks
- Analyze and compare competitive platforms (XM Cyber, SafeBreach...)

CYBERSECURITY CONSULTANT
SECURITAS DIRECT 2018 - 2019
- Applications portfolio auditing, map the European IT infra (IoT<>mobile<>servers)
- Identify the attack surface, threats, vulnerabilities and associated risks
- Establish a roadmap for SMSI and Applications Security improvement (ISO27001, DevSecOps)
- Set up steering committee and workshops for monitoring the security roadmap implementation

PROJECT DIRECTOR
SUEZ (Smart City Platform Development Project) 2017 - 2018
- Supervise and prioritize backlogs (AGILE / SCRUM, CA PPM (CLARITY) and Agile Central)
- Contribute to dev/prod platform architecture (Kubernetes/Docker, Kafka, LogStach, storage (InfluxDB, ElasticSearch, MongoDB), visualization (Kibana, Node-Red) and APIs management (Swagger, Kong)
- Secure confidentiality, integrity and availability of information from incoming data flows down to storage and API delivery, with attention to anonymization and GDPR

CYBERSECURITY & R&D CONSULTANT (co-founder)
EGGOZ (IoT) 2016-2019
Coach the design and deployment of the SMSI (policy / ISO27000)
Contribute to the design of IoT devices and Web Server from a Security standpoint
Validate the distributed architecture of the platform (local and web) and support patent filings

INFORMATION SECURITY MANAGER
GREENTM (Regulation & Conformity Audit Platform) 2016 - 2017
- Specify the functions of the platform and compare with existing security audit solutions
- Automation of GDPR and IT security audits (ISO27001) and follow-up of recommendations
- Design algorithms for analysis and scoring of audit results, and associated dashboards

PREVIOUS EXPERIENCES

CTO (Co-Founder) / B2B SaaS platform
WITME - 2011-2016
- Monitor projects budget, respond to calls for tenders, Deal with techno subcontractors and partners
- Manage and monitor the application developments (AGILE/SCRUM, CI/CD)
- Identify-analyze-prioritize-mitigate operational risks, Prepare and test the Disaster Recovery Plan
- Define the security procedures for the development and production platforms (/ ISO27000)

PROGRAM DIRECTOR / Deployment Management (VOIP infrastructure)
SIEMENS ENTERPRISE COMMUNICATIONS - 2009-2011
- Industrialize the VOIP deployment (4000 sites) and set process and tools for project risk management
- Review the sites architectures in consideration of threats and vulnerabilities (Security-by-Design)
- Review the architecture of the European Datacenter (collection/ aggregation of asset manag. data…)
- Design the methods and tools for automatic KPI and SLA aggregation at national and global level

PROGRAM DIRECTOR / Deployment Management (Satellite infrastructure)
ELYON - Ivory Coast, 2008-2009
- Launch and lead the African program (portfolio of 40,000 VSAT station sub-projects, OSS, BSS)
- Validate the Datacenter IT architecture for resilience, stability and scalability
- Define and deploy the Security Policy in accordance with ISO27000
- Identify threats, Study potential vulnerabilities, Define and implement security controls (segmentation and security of internal and external networks, burial of datacenter, Setting of access controls…)

PROGRAM MANAGER / IT TRANSFORMATION
BNP-PARIBAS - United Kingdom, 2006-2008
- Set-up steering committee and workshops for ITIL, COBIT and CMMi deployments
- Align IT on operations (COBIT) for the trading floor (1000 in traders + back office)
- Review and approve the IT Security Plan according to ISO 27000 and bank security policy
- Identify the scope, Key Risks Indicators and Criticity of primordial and IT assets

CTO, Co-Founder / Straight-Through Data Processing (Finance)
DECISIONX TRADING PLATFORM - France, 2003-2006
- Design platform architecture for real-time data feeds processing and data mining
- Ensure continuous network connectivity and access to trading platforms for placing the orders
- Implement of financial data analysis (predictive analysis, moving averages, technical indicators…)
- Modelling of Front-Middle-Back office processes:

PREVIOUS EXPERIENCES IN THE FIELD OF TELECOM AND DEFENSE
SPY SATELITTE, SECURED NETWORKS, ENCRYPTION, WEAPON SYSTEMS

Initial Training and Accreditations

- Physic and Chemistry first grade at Pierre & Marie Curie University, Paris
- Computer engineering master at Pierre & Marie Curie University, Paris
- Former ISO 9000 Auditor