Benjamin - Consultant cybersécurité RISQUE

WORK EXPERIENCE

Since 07/2019, Paris – Founder of OpenSec Consulting and cybersecurity consultant

2016-2019 Devoteam, Levallois – Principal Consultant, Secure Data Analytics offer manager

2018/19 SGCIB: Definition of eFraud strategy for wholesale markets. I supported the CISO global team
to review the critical process and design solutions to monitor transaction chains and protect Corporate
clients against cybersecurity threats with Big Data technologies.

2018/19 SGCIB: Running eFraud operations. I automated and optimized (up to x24) the overall data
processing (ETL, processing, enrichment, rules, alerting and reporting) using Python and Jupyter
notebooks (Anaconda 3). I led security incident investigation (forensics) and reporting to management
and parteners I ensured coordination with security experts (SoC and CERT) on new threats and IoC
(phishing, malware, SE etc.) to be implemented in the rules or for investigation in service history.

2017/18 SOCGEN: R&D of fraud detection applications in real time with Machine Learning and Big Data
technologies. I managed projects within a fast-growing team and skillsets (6 to 28 people in 16 months)
to deliver real time scoring on Instant Payment and eBanking in a top French retail banking.
Other clients: I delivered several DPIA (RGPD) as IT security expert in Luxury and Insurance fields and I
managed a team to maintain ISMS certification of secure services delivered in SaaS.

2009 - 2016 CAPGEMINI SOGETI ESEC, Paris – senior consultant
Sogeti ITSEF / Information Technology Security Evaluation Facility – evaluator / CISO
Mission: develop skills and organization to meet Common Criteria requirements under French
Certification Scheme managed by ANSSI (French Prime Minister’s Agency)
Main tasks: risk analysis (EBIOS), security policy & procedures; System design and implementation:
dedicated evaluation network, infrastructure and applications to manage Evaluation Technical Reports
(ETR); Quality management system for testing facility (ISO/IEC17025); Pre-sales and sales activities for
Common Criteria (international) and CSPN (national) certification by ANSSI.
Results: COFRAC accreditation and Common Criteria license granted by ANSSI in 2015.
Sogeti ESEC / Audit Provider for Information System Security division – CISO
Mission: build and implement the security management system for qualified audit activities.
Main tasks: Risk analysis (EBIOS), security policy, security procedures writing and enforcement
Results: system audited and qualified in 2012 by ANSSI.
Sogeti ESEC - information security consultant

2015 SOCGEN: Team leader (R&D) for fraud detection system development in retail banking using
Splunk to define, develop, package and deliver Splunk App to the eFraud analysts to identify and
investigate threats (phishing, malware, social engineering etc).
Client projects: Writing security targets for Common Criteria and CSPN (French level) evaluation: digital
signature, timestamping, virtual web browsing, traction system, one-time password, mobile device
management. Conducting risk analysis of industrial systems following French methodology (EBIOS) with
NIST 800-53 and ISO 27002 for security controls and risk analysis (EBIOS) for French MoD
Client missions: Managing and conducting risk analysis on big data projects in a major French telecom
company.

2012 - 2014 CAPGEMINI Aerospace & Defense, Paris – Big Data consultant
Mission: involved in R&D team to implement new real time processing systems on top of hadoop.
- Application development for data processing (batch and real time) for event correlation and
enrichment using Open Source frameworks for data processing (speed layer)
- DevOps: building Big Data infrastructure and applications pipeline (monitoring with Splunk)
- Architecture and performance evaluation (benchmarking) with automated tools
Results: real time processing architecture (application & infrastructure) delivered in production