Freelance Pentest : Trouvez les savoir-faire qui vous manquent

Aperçu d'expériences de Youssef,
freelance PENTEST résidant dans la Seine-et-Marne (77)

Cybersecurity Researcher and Founder &ndash Owner of Cybersecurity tool patents (crypto)

1/2014 -
➢ Research and Development in Cybersecurity: Crypto, Patch Management, Mobile App, Advanced Intrusion Detection - Holder of 3 innovative patents (1 deposed and 2 ongoing).
➢ Development of an application for Pentesters and Management that give a real-time insight of what the pentesters are doing during their mission: Taipan Framework (ondemand demo available).
➢ ESGI professor (Cybersecurity High School in Paris)
➢ Development of an Ethical Hacking training program in collaboration with Russian researchers.
➢ Ethical Hacking Trainer
➢ Cybersecurity Tools Development: LISP, Python, C, OpenSource
➢ Solution Development: ELK, AlienVault OSSIM, pfSense, Suricata, CloudStack, OpenStack,

Senior Cybersecurity Analyst
La Banque Postale Asset Management (France &ndash Paris)
9/2017 - 1/2022
➢ System hardening project management
➢ CIS based System Hardening for servers and workstations (Linux/MS Windows)
➢ Cybersecurity advisor
➢ Office 365 / Azure Hardening and security designing
➢ Pentest against bank/financial applications
➢ Vulnerability assessment
➢ Risk analysis
➢ Reporting with Remediation
➢ Log management definition and architecture for an external SOC (SIEM Elastic)

Senior Cybersecurity Analyst
UAB (United Arab Bank &ndash Dubai)
2/2021 - 1/2022
➢ AppSec consultancy: methodologies and implementation
➢ Pentest against applications that communicates with the Central Bank
➢ Pentest: Bank Web Applications
➢ Pentest in regards of PCI-DSS certification
➢ Vulnerability assessment
➢ Reporting with Remediation
➢ Deployment of the TAIPAN PENTEST PLATFORM
➢ Cybersecurity Design

Pentester
LEASEUP (France)
10/2021 -
➢ Pentest against a webapp applications thanks to the TAIPAN PENTEST PLATFORM: Leasup is a European dematerialized property management solution for retailers such as GUCCI, LOUIS VUITTON, STARBUCKS, ...
➢ Pentest in regards of the OWASP requirements
➢ APIs exploitation
➢ Joomla and Fabrik exploitation
➢ Static code analysis (PHP/JS/SQL)
➢ Cybersecurity Design

Pentester
KAPALYA (USA)
9/2021 -
➢ Pentest against Kapalya application: Encryption Management Platform. The server-side application is composed of a Key Management server (Gemalto), an Active Directory server and a front-end.
The client-side application is composed of a binary and mobile applications (Android/IOS).
➢ Reverse engineering of the applications

Senior Cybersecurity Analyst
BNP PARIBAS: CIB
6/2020 - 12/2020
➢ CIS based System Hardening
➢ Study and implementation of CIS compliancy for more than 400 000 assets
➢ Vulnerability assessment (Nexpose, InsighVM / Rapid7)
➢ Vulnerability management (for the SOC operations &ndash integration with SIEM and Cyber Threat Intelligence)
➢ Reporting
➢ Design of defensive rules
➢ Coding of a temporary policy editor (API, Python, Shell) while Rapid7 corrects its own after bugs I have reported.

Conception, Design and Development of a new framework for CISOs, IT Cybersecurity managers, IT managers and pentesters
TAIPAN
3/2020 - 6/2020
TAIPAN is a SOC-ready solution.
Project Management
AppSec implementation
For IT managers and IT Cybersecurity managers:
➢ Understand the principles and issues of pentest
➢ Get live access to your pentesters' mission information through sophisticated dashboards
➢ Keep an eye on the operations and actions carried out by your pentesters
➢ Keep control of the tools used by your pentest service providers
➢ Be alerted live when critical Cybersecurity breaches occur
➢ Access your reports and perform the research you need
➢ Get deep insight into remediation and mitigation plans
➢ Be compliant with the Cybersecurity norms and standards that your business imposes on you
➢ Train your teams
➢ Embed pentest operations into SIEM (Elastic SIEM), Data visualization with Kibana and Grafana
For pentesters:
➢ Build and organize attacks
➢ Control the workflow of attack scenarios
➢ A unique and modern interface for: recognition, fingerprinting, vulnerability analysis, attack tools, loots, reports
➢ All hacking tools at your fingertips: keep the customer's confidence
➢ Communicate with your teams or those of your Customer
Technologies: Python, SQLAlechemy, JS, RabbitMQ, Mitre, Docker, GDPR, &hellip

DEVSECOPS: Management of the Cybersecurity and development teams
AUDIOVISUAL GROUP
11/2019 - 3/2020
Architect/Cybersecurity Specialist and Researcher
➢ Analysis of the current hack impacting entertainment channels
➢ Proposal of a solution that avoid the HDMI and particularly the HDCP hack
➢ Design of the global architecture (system and network devices)
➢ POC of the solution (hardware and software based including my Crypto patent)

Architect/Cybersecurity Specialist and Researcher
HAYDAR TECHNOLOGIES:
11/2019 - 3/2020
BIG-DATA and Machine Learning project: Architecture and Development of a data analysis tool. The goal was to meet the following needs:
➢ Collection and analysis of all public data
➢ Reputation calculation and analysis
➢ Decision support
➢ Calculation and trend analysis
➢ Improvement of surveys
The development was based on a field of the artificial intelligence: NLP (Natural Language Processing) including NLU (Natural Language Understanding).
The solution is cloud based: Harbor, Kubernetes, Rancher, Kong/Kuma, Keycloak (IAM). DEVOPS: Management of the development team

Architect and Cybersecurity Specialist
VOLKSWAGEN GROUP
9/2017 - 12/2019
➢ Pentests and SOC-stress
➢ Successfully exploit vulnerabilities that gave me access to the entire dealers database: a breach that could cost thousands millions of dollars to VW AG.
➢ Design of the SIEM architecture/rules (ELK-SPLUNK) for the French VW division SOC
➢ Collaborating with the VW-Cert (incident response)
➢ Helping in forensics events
➢ Proposal of a new method to run pentests
➢ Design of a new data distribution model: cloud based / Edge and Fog computing
➢ Development of a new data collect/distribution method faster than what exist today (Cloud, ZMQ and Artificial intelligence based): Python, Golang (concurrency and parallel development)
➢ Cloud architecture: Rancher, Harbor, Kubernetes, Terraform, AWS
➢ Cloud Cybersecurity architecture and implementation: Kong and Kuma, IDPS
➢ Kubernetes architecture and application development
➢ Crypto system development
➢ GDPR
➢ Management of a team (15 people) composed of: Phd in mathematics, Phd in Artificial Intelligence, Phd in Mechatronic, Phd in Cloud computing, Kubernetes Specialists,