Benjamin - Consultant cybersécurité RISQUE
Ref : 200213B002-
75016 PARIS
-
Consultant cybersécurité (39 ans)
-
En profession libérale
WORK EXPERIENCE
Since 07/2019, Paris – Founder of OpenSec Consulting and cybersecurity consultant
2016-2019 Devoteam, Levallois – Principal Consultant, Secure Data Analytics offer manager
2018/19 SGCIB: Definition of eFraud strategy for wholesale markets. I supported the CISO global team
to review the critical process and design solutions to monitor transaction chains and protect Corporate
clients against cybersecurity threats with Big Data technologies.
2018/19 SGCIB: Running eFraud operations. I automated and optimized (up to x24) the overall data
processing (ETL, processing, enrichment, rules, alerting and reporting) using Python and Jupyter
notebooks (Anaconda 3). I led security incident investigation (forensics) and reporting to management
and parteners I ensured coordination with security experts (SoC and CERT) on new threats and IoC
(phishing, malware, SE etc.) to be implemented in the rules or for investigation in service history.
2017/18 SOCGEN: R&D of fraud detection applications in real time with Machine Learning and Big Data
technologies. I managed projects within a fast-growing team and skillsets (6 to 28 people in 16 months)
to deliver real time scoring on Instant Payment and eBanking in a top French retail banking.
Other clients: I delivered several DPIA (RGPD) as IT security expert in Luxury and Insurance fields and I
managed a team to maintain ISMS certification of secure services delivered in SaaS.
2009 - 2016 CAPGEMINI SOGETI ESEC, Paris – senior consultant
Sogeti ITSEF / Information Technology Security Evaluation Facility – evaluator / CISO
Mission: develop skills and organization to meet Common Criteria requirements under French
Certification Scheme managed by ANSSI (French Prime Minister’s Agency)
Main tasks: risk analysis (EBIOS), security policy & procedures; System design and implementation:
dedicated evaluation network, infrastructure and applications to manage Evaluation Technical Reports
(ETR); Quality management system for testing facility (ISO/IEC17025); Pre-sales and sales activities for
Common Criteria (international) and CSPN (national) certification by ANSSI.
Results: COFRAC accreditation and Common Criteria license granted by ANSSI in 2015.
Sogeti ESEC / Audit Provider for Information System Security division – CISO
Mission: build and implement the security management system for qualified audit activities.
Main tasks: Risk analysis (EBIOS), security policy, security procedures writing and enforcement
Results: system audited and qualified in 2012 by ANSSI.
Sogeti ESEC - information security consultant
2015 SOCGEN: Team leader (R&D) for fraud detection system development in retail banking using
Splunk to define, develop, package and deliver Splunk App to the eFraud analysts to identify and
investigate threats (phishing, malware, social engineering etc).
Client projects: Writing security targets for Common Criteria and CSPN (French level) evaluation: digital
signature, timestamping, virtual web browsing, traction system, one-time password, mobile device
management. Conducting risk analysis of industrial systems following French methodology (EBIOS) with
NIST 800-53 and ISO 27002 for security controls and risk analysis (EBIOS) for French MoD
Client missions: Managing and conducting risk analysis on big data projects in a major French telecom
company.
2012 - 2014 CAPGEMINI Aerospace & Defense, Paris – Big Data consultant
Mission: involved in R&D team to implement new real time processing systems on top of hadoop.
- Application development for data processing (batch and real time) for event correlation and
enrichment using Open Source frameworks for data processing (speed layer)
- DevOps: building Big Data infrastructure and applications pipeline (monitoring with Splunk)
- Architecture and performance evaluation (benchmarking) with automated tools
Results: real time processing architecture (application & infrastructure) delivered in production
EDUCATION
2008 – 2009 Master of Science - Computer and Information Security
University of Plymouth (UoP) - Plymouth, England.
MSc thesis entitled “A study of the McEliece Cryptosystem” - grade 71/100.
2004 – 2009 ESIEA Paris (École Supérieure en Informatique, Electronique et Automatique)
Master of Science (Diplôme d’Ingénieur)
Final report entitled “Information technologies security evaluation”
Grade: highly honorable with praise
2008 (2 weeks) Intensive Security Programme 2008 (European Programme)
Hogeschool van Amsterdam - Amsterdam, The Netherlands.
COMPUTER SKILLS
Languages Python / bash / PIG / LaTeX / Ruby
Software Security tools: Wireshark, Nessus, Nmap, Kali, Snort, Scapy
Data processing: zookeeper, kafka, storm, hadoop, hbase, mesos, spark
Monitoring: ganglia, logstash/kibana
TRAI NING
Security on Operations AWS – 3 days (Nov. 2016) // Passport MBA – 3 days (Nov. 2012)
ISO/IEC 27001 “Lead Auditor” – 5 Days (Sep. 2011) // ISO/IEC 27002 – 2 Days (Jan. 2010)
CONFERENCE SPEAKER
February 2018-19 Paris, ESIEA, MS SIS, introduction to Big Data & application security
March 2015-19 Paris, ESIEA, MS SIS, introduction to Common Criteria
April 2015 Paris, ESEC, Vulnerability assessment in Common Criteria
October 2015 Paris, ESEC, Cyber security and Big Data concerns
CONFERENCE ATTEND ANCE
FIC 2020, Big Data Paris congress exhibition 2014/2015/2018, Hack in Paris 2017, SSTIC 2015,
International Common Criteria Conference 2010 (Antalya).
OTHER SKILLS
Languages: French (Mother tongue), English (fluent)
Valid French driving license