Richard - Consultant cybersécurité FIREWALL

Expérience professionnelle

16 March 2020 to present DINUM (OFFICE OF THE FRENCH PRIME MINISTER) - CONTRACT POSITION PARIS
Chief Technology Architect and Cyber Security Officer / CISO DINUM / Clearance Officer / Deputy DPO  Lead the Architect and CISO team to define, implemented and developed architecture standards and
provides technical and Cyber Security for all Government Department (Ministries),  Provide leadership for the Ministries and its agencies within the information security and IT architecture,  Formulate information security goals and establish policies, standards and procedures in line with whole-ofgovernment cyber security directions,  Business Continuity Program Management,  Operational Resilience Program Management,  Ensure cyber security compliance to whole-of-government policies and standards,  Review, endorse and align information security and develop risk management and mitigation plans,  Advise management on the appropriate cyber security solutions and technologies to be deployed,  Align IT needs with the strategic cyber security direction of whole-of-government,  Implement change management process to keep up with evolving cyber threat landscape (with ANSSI = The
National Cybersecurity Agency of France),  Collaborate with National Cybersecurity Agency of France (ANSSI) for all subject cyber security, cyber
defense et resilience for French all government departments and public administrations,  Collaborate with French Data Protection Authority (CNIL) for the implementation and security personal
data protection in all projects and products,  Lead the creation and evolution of the French Government architecture program (FranceConnect, Tech.gouv,
Pilot, Tchap, OSMOSE, RESANA, ...)  Lead the development of an implementation plan for the public service architecture based on French
Government requirements. o Team management: IT Architect, Information Security Officer, Principal Cyber Security Engineer,
Interns and Apprentice.
Technical environment:
- Windows, Linux, UNIX,
- DevOps, Micro-services, SQL, noSQL, PostgreSQL, EAI, ESB, Web Services, APIs, SOA, REST, BPMN,
Data Management Platforms (DMP), Progressive Web Applications (PWA),
- Java, J2EE, JBOSS, C++, Python, NodeJS, Shell,
- ISO27001, ISO27002, ISO27005, EBIOS, EBIOS Risk Manager, DevSecOps, eIDAS, GDPR, EU Cybersecurity
Act, PSSIE, IGI901, IGI1300

Ap. 2019 to present GENDARMERIE (FRENCH GOVERNMENT AGENCY - OPERATION RESERVE), France
Crisis Advisor: Cyber Security – Information Security - Cybercrime Investigator & competitive Economic Analyst
 Responsible for collecting, analyzing, and disseminating all-source intelligence on a range of topics to include
space, counterspace, cyber, and emerging technologies.
 Provide documentation and reporting for investigation and litigation or digital evidence handling, preservation,
and storage.
 Identify emerging cybercrime trends and methodologies.
 Provide investigative and analytical support to criminal investigations.
o Cyber Risk and Strategic Analysis,
o Vulnerability Detection and Assessment,
o Intelligence and Investigation,
o Networks and Systems Engineering,
o Digital Forensics and Forensics Analysis,
o Financial Fraud Analyst.
 Sector coordinator: Cybersecurity crisis management and coordination
o ANSSI: The National Cybersecurity Agency of France,
o Frontex,
o NATO,
o EUROGENDFOR: European Gendarmerie Force,
o DGSI: General Directorate for Internal (homeland) Security
o DRSD: The French Defense Intelligence and Security Directorate
o TRACFIN (Intelligence processing and action against underground financial circuits).

Feb. 2020 – 10 March 2020 FORTIL - FREELANCE GENEVA, SWITZERLAND
Group Head of Information Security & Cyber Security Offering (France, Belgium, UK and Switzerland)
 Leader of the implementation of industry best practices for physical and technical security elements:
o Access controls, lighting and security signage, CCTV and video management systems, alarm
systems, communication systems, visitor management, emergency response, Photo ID systems etc.
 Leader of the Information & Cyber Security management:
o Strategy, Governance, Audit, Risks, Crisis management, Security incident response, Threat
intelligence, Data Protection and Vulnerability management.
 MDM (Mobile Device Management), FAM (File Activity Monitoring), DAM (Database Directory Monitoring),
ISO/IEC 27000 series, NIST Cybersecurity Framework, CCTV, GDPR, Swiss Federal Data Protection Act
(DPA), COBIT, Third Parties, Security Cloud, DLP, CASB, Sandbox, WAF, IAM, PAM, SIEM/SOC, IDS/IPS,
EDR/Endpoint Security, information security assurance, Cybersecurity Maturity / Cybersecurity Score Card,
Data governance and protection, OWASP, MITRE ATT&CK, SDLC, BCP(Business Continuity Planning), DRP
(Disaster Recovery Plan), Network Security, Penetration Testing, DDoS mitigation systems and technologies.
 Information Security Committee (ISC),
 Corporate information security steering committees (CISSC),
 information security governance committee,
 Manage security vendor relationship (physical and technologies).
INFORMATION & CYBER SECURITY
 Responsible for IT and Cyber Security strategic and operational security management on all regional site,
 Responsible for the Information Security Management System (ISMS),
 Leader and manage information security incidents and events to protect Regional IT assets, intellectual
property, regulated data and the FORTIL reputation,
 Provide recommendations on Strategy, Policy, Standards, Security Controls and KRIs,
 Responsible of information security awareness & training,
 Develop and lead post-mortem exercise,
 Responsible of the Cyber security crisis exercise
 Build and manage the security dashboard,

07 Jan. – 29 November 2019 FUJITSU - CONTRACT POSITION Asnières-Sur-Seine, France
CISO - Chief Information Security & Cyber Security Officer, Region EMEIA
 EMEIA Executive Committee member.
 Document and update information and physical security processes, procedures, and standards,
 Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating
the evaluation, deployment, and management of current and future security technologies and practices,
 Assist the CISO Group in documenting the Security Risk Assessment,
 Manage projects and other implementation activities for security controls for the enterprise,
 Ensure that records of security operations activities are properly organized and available,
 Respond to audit and exam requests for information,
 Protecting Intellectual Property and Data Collective,
 Interface with law enforcement as necessary due to physical or information security incidents.
o Technology Risks management: EBIOS, ISO27005, NIST SP 800-37,
o Compliance: LPM, EU NIS, GDPR, NIST, SOC2, PCI, IS027001 and 27018,
o Industrial Control Systems (ICS) Security (NIST 800 - 82, ISO27032),
o Business Continuity Program Management for EMEIA region,
o Operational Resilience Program Management,
o SCADA and PLC Security,
o Automated Logistics Systems,
o Security Cloud (IDaaS, CASB & DLP),
o IAM and PAM policy implementation,
o DLP incident management,
o Security Intelligence and Operations management,
o Manage and coordinate SOC / CSIRT team
o Detection and Response management,
o Security program management,
o Audit and assessment (NIST SP 800-53),
o DevSecOps Project (Service Now)
o Vulnerability Management,
o Training and Awareness.
Staff: + 10 peoples (International teams: France, Belgium, South Africa, UK and Luxembourg)

Feb. to December 2018 FREELANCE Paris, France
Humans 4 Help
Senior Manager Risk Consulting – Cyber Security and CISO TMM Group - healthcare company
 Chief Information Security Officer, TMM Group:
o Leading the strategic vision, development, implementation, and enforcement of organization-wide
security risk assessment and control standards, policies, and procedures,
o Lead the company’s crisis management efforts and response to security incidents and threats.
o SOC / Security Cloud program organization (analysts, team incident response).
o SCADA vulnerabilities analyst, mitigation strategies and implementation remediation.
o Security business plan and compliance with IEC 62443, NIST SP 800 – 82.
o Audit and Risk management (NIST SP 800-30 & ISO27005).
 Cyber Security services & operation management (Cyber Security Manager Risk Consulting):
o Define the cyber security strategies for Humans 4 Help (H4H),
o Respond and coordinate for RFI and RFP answers:
• IAM / PAM project
• CASB and DLP integration
• GDPR Project
• DevSecOps Project
o Team management, recruitment,
o Pre-sales,
o Cyber Security program director,
 Manage and drive external:
o Technologies business Partners,
o Cyber Security and Information Security Standards Forums,
o Marketing and university forums
 Build and drive Cyber security / information security strategy and innovation:
o Information Security intelligence,
o Build the cyber security offerings,
o Cyber security innovations
• 1 week to Montreal to prepare a partnership with FX INNOVATION
Staff: +5 people (International teams: France, Canada & Senegal).

Director, Head of Global Cyber Security Department

• Chief Information Security Officer, TMM Group:
• Leading the strategic vision, development, implementation, and enforcement of organization-wide security risk assessment and control standards, policies, and procedures,
• Develop and manage to budgets for Information Security and Information Technology departments,
• Lead the company’s crisis management efforts and response to security incidents and threats.

• Cyber Security services & operation management (Cyber Security Business Unit Manager):
• Define the cyber security strategies for Humans 4 Help (H4H),
• Respond and coordinate for RFI and RFP answers
• Team management, recruitment,
• P&L management,
• Cyber security business development, customer crisis management,
• Pre-sales,
• Cyber Security program director,

• Manage and drive external:
• Technologies business Partners,
• Cyber Security and Information Security Standards Forums,
• Marketing and university forums

• Build and drive Cyber security / information security strategy and innovation:
• Information Security intelligence,
• Build the cyber security offerings,
• Cyber security innovations

• Staff: + 30 people

February 2018 – 14 August 2018, ATOS – BEZONS – France

Senior Manager, Executive Cyber Security Advisor Lead

• France Cybersecurity portfolio construction
• From Atos Global portfolio & specific offers creation for France
• Head of innovation

• Regulation, compliance & Organization (GDPR, LPM-FR, NIS, NIST, PCI-DSS, ISO27xxxx)
• Secure Digital Workplace
• Sovereignty / Trusted Cloud Environments (OVH, IBM, AWS, Azure, Google)
• Building specific offers related to the partnership Google / Atos (France)
• Data Protection / Data-Centric Approach
• 360 ° security operation (automation & orchestration)
• Market Studies & Business Plans
• Selection of technology partners
• Construction of packages (products / services)

- Sales pitch / high-level
- Documentation for presales
- Costing / P&L
- Delivery plan

• Operational management of all pre-sales cybersecurity France
• Deal evaluation / Deal qualification
• Attack plan & Response strategies (partnerships / approaches)
• Support of the sales team to present the cybersecurity offers or develop specific proposals.
• Pre-sales and offer definition
Staff: + 20 people
April 2014 – January 2018- BT Global Services – PARIS- La Défense – France

Global Delivery and Contract Account Director: Cyber security – Security Infrastructure Cloud & IT

• Act as Delivery Manager, Contract Manager and Team Management.
• Participate in all strategic IT decisions for my clients (Steering committee strategic).
• Improve on automation, quality, speed of delivery, sourcing- strategy, international cooperation, simplification and reduction of fixed cost.
• Oversee Asia and US responsibilities and significant international
• Cyber Security pre-sales and solution management,
• Cyber security development.
• Review security maturity
• Cyber Incident Response Plan (CIRP),
• Incident Response Plan (IRP),
• Information System Contingency Plan Test (ISCPT),
• Management of team Penetration Testing,
• Write and / or update security policy for the information systems.
• Network Dark Web monitoring
• Simulation APT (Advanced Persistent attacks)
• Ensure GDPR-related Policies are understood and embedded within the projects
• Contact point for the Data Protection Commission
• Acted as head of the P&L, Forecast and margin.

Revenue: +40M€ / Staff: + 50 people

September 2012 - April 2014 – ENGIE– INEO DIGITAL – CLICHY-France

Business Manager Director: Cyber Security, Cloud (IaaS,PaaS & SaaS) and Data Center


• Management of the customer accounts: sales contract and project governance
• Supervision and realization of the projects for the Storage, System Backup, Data Center, LAN/WAN and the Security IT Global.
• Management of multidisciplinary team: Storage, System Backup, Network, Telecommunications, Data Center and Security Experts and Engineers,
• Write and / or update security policy for the information systems
• The development of the Account activity and the growth of revenue
• Presentation of the RFP’s, proposal creation and management of the contractual amendments on the global and project levels
• P&L management and supervision
• Quarterly Business review with the management on the contract margin, gap and the markup.
• IAM Project
• SIEM, SOC, IDS, IPS Project
• GRC Project
• Proxy project
• Reverse Proxy Project
• Network filtering project
• Cyber Security Benchmark

Revenue: +10M€ / Staff: 20 people
September 2011- August 2012, Orange Business Service (OBS) – PARIS - France

JOB 1: Project Account Director: IT Security and Networks (LAN, WAN & MPLS)

• The definition of the services offerings to the existing customers and the new prospects
• Responsible for the outsourcing for the BULL account (projects and post-sales services)
• Evaluation and preparation for the change conduction
• Project organization in accordance to the Orange Business Services guidelines (PMI / Synergy)
• Animation of project related teams: Pilot, Operations
• Acted as lead in all international responsibilities
• Application & Infrastructure Security
• BCP: Business Continuity Planning
• DRP: Disaster Recovery Plan
• Security by design
• Network Security Audit
• IT Security Industry (SCADA / ICS)

Revenue: +5M€ / Staff: 45 people



JOB 2: Business Manager for Networks and Telephony Trading
• Management of the Technical Team
• Supervision of the various customer accounts:
• commercial development
• Loyalty
• Guidance
• P&L Management
Revenue: +5M€ / Staff: 20 people
July 2010 - August 2011 – SFR DGRE & Business Team – Boulogne Billancourt and Meudon –France

JOB 1: Networks & Telecom Project Manager: LAN, WAN, xDsl, ToIP

• Team Management (planning, skills, and charges)
• Management of the critical situations (Internal, customer, foreign operators, suppliers)
• Coordinating the engineering teams, project validation and deployment
• Following up the budget (cost management, following up the purchase orders, deliveries etc…)
• Ensuring the project completion within the set deadlines and the costs

JOB 2: WAN & MPLS Project Director Manager

• Deployment supervision and coordination of RIN4 (approx. 800 sites including with all the technologies: Internet, Ethernet, WAN, Man, VPN, MPLS, Vo IP, To IP, FH, Satellite)
• Organization and setting up of the methodology processes, writing the operational modes and the project follow up
• Reporting on project advancement in order to organize the setting up of pre-requisites for the sites (work requests, purchases, follow up with contractors and suppliers)
• Coordination of the related internal and external players (about 100 people) for the project deployment, integration and migration
• Global reporting.

April 2010- June 2010, UTRAM (business merger VIDELIO) - - Le Plessis Robinson - France

Project Manager for LCL Bank (Deployment ToIP, Service Management Data Center).

• Supervision and optimization of the services quality and preparation
• Customer relationship management (Real Estate Direction, DIS, Logistics Center of Bank LCL)
• Following up the supply of materials, deliveries to the technical teams
• Post-sales Management (Support and maintenance management)

October2009- March 2010, IPEX TELECOM (business merger acropolis telecoms& Foliateam) – Gennevilliers

Technical Service Manager (IP Centrex, ToIP, WAN and LAN)

• Direct and indirect management (18 persons: 2 coordinators, project planners, 10 technicians, 2 architects and 4 engineers).
• Manage a team for telephony, routing, switching, datacenter, and firewalls, wireless, load balancers, and similar technologies
• Provide a high level of customer focused service
• Follow the service delivery metrics (SLAs) for given service desk tickets, requests and incidents
• Developing standard technology platforms, partnerships building and managing the engineering team
• Prepare Network and IT implementation and Migration plans for LAN/WAN, Data Center, ISP and inter agencies network connectivity
• Produce and review technical statement of work documentation for all network and IT security projects.
• Develop and maintain policies and procedures toward meeting goals for infrastructure expenditures of the Data Network Infrastructure.
• Maintain contact with key Data Network suppliers and maintain knowledge of current technology, equipment, prices to minimize the investment required to meet agreed customer service levels.
• Responsible for keeping data pathway up and running for the entire MTA on a 24x7 basis, 365 days a year.

September 2006- September 2009, UNISYS – Colombes – France

Networks & Security Support Engineer L2

Management of technical incidents on L1 & L2 for the clients’ accounts (Air France, Bank Crédit Agricole, L’OREAL, ECOLAB, and Education Minister).
• Management of the various subcontractors (Coordination, Planning, reporting, budget management)
• Responsible for the technical team (technicians Unisys, consultants, subcontractors and service providers)
• Writing specifications, bid management and following up the solution deployments provided by the suppliers
• Telephony scheme design (mono site / multi sites).
• Architecture design and definition for the VPN connection for OBS.
• Audits, complex service and the deployment of infrastructures.
• Manufacturer: Checkpoint, Cisco, Juniper, Palo Alto, Fortinet, F5, Bluecoat

October 2005- August 2006, SPIE -Montpellier – France

Technical coordinator Telecommunications/ICT

• Technical Management of the IT infrastructure site in Montpellier.
• Supporting the Product Manager at project initiation meetings.
• Create/update Network Diagrams, Risk & Issue logs, Communications plans and Customer
• Administration and exploitation IT local.
• Procedure & operating mode writing for the management of the infrastructure.
• Manage the deployment of small call-out solutions and projects for our internal & external customers
• Manage the customer cancellation of solutions and components
• Ensure that equipment requirements for operations & customer projects are approved, ordered and received on time, in the correct call-out Centers