Abdoulaye Z Konate

Head of Incident Response Team SIRT

€689/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.

About Abdoulaye Z

Qualified Cybersecurity Expert Consultant, with extensive experience in incident response team management and cybersecurity operations management in critical environments.

Proven expertise in vulnerability management, penetration testing, forensic analysis, and security governance, covering various sectors including banking, insurance, industry, technology, and healthcare.

Strong leadership skills for team management, crisis coordination, and cross-functional collaboration with technical and business stakeholders.

Proficiency in implementing security policies, driving compliance with international standards such as ISO 27001/27005/22301, and utilizing advanced technological tools to protect sensitive information and critical infrastructure.

Strong commitment to continuous improvement, knowledge sharing, and providing security recommendations to management and operational teams.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km)

Experience

  • SOGECAP
    Head of Cybersecurity Incident Response Unit
    BANKING AND INSURANCE
    August 2023 - Today (2 years and 10 months)
    Paris, France
    Tasks:
    ▶ Security Alert Management:
      o Process threat intelligence alerts from the CERT team.
      o Analyze alerts from EDR agents, Symantec, and IDS reported by the SOC team.
      o Manage DLP Networking alerts (monitoring emails and web uploads).
      o Manage DLP Endpoint alerts (monitoring data on USB ports).
    ▶ Security Vulnerability Management:
      o Process high-risk threat alerts and critical vulnerabilities.
      o Identify affected assets, assist the IT department and project team with remediation.
      o Monitor action plans and produce reporting for top management.
    ▶ Cybersecurity Incident Management:
      o Initiate crisis management procedures in collaboration with the CISO, IT department, business units, etc.
      o Conduct forensic analyses and Root Cause Analysis (RCA) to identify the incident's origin.
      o Provide cybersecurity expertise during operational security committees within the Group.
      o Handle security alerts from various sources such as: identity theft, phishing, asset compromise, suspected fraud, spoofing, cyberattacks, etc.
      o Integrate regulatory recommendations into the incident management process.
      o Continuous improvement of the incident management process to address new threats.
    ▶ Analysis and processing of potentially malicious emails:
      o Centralize emails flagged as suspicious by users in an appropriate workflow.
      o Analyze the malicious nature of suspicious emails and respond to users.
      o Implement necessary measures such as blocking malicious domains and user awareness training.
    ▶ Support for business activities:
      o Analyze external media (USB, SD, etc.) before migrating data to the IS.
    Security Incident Management, Cyber Crisis Management, DLP Alert Processing (Network and Endpoint), Forensic Analysis, CERT and SOC Alert Management
  • SOGECAP
    Head of Operational Security Team
    BANKING AND INSURANCE
    July 2022 - August 2023 (1 year and 1 month)
    Paris, France
    Tasks:
    ▶ Vulnerability Management:
      o Manage vulnerabilities reported through various channels (audit, pen-test, scan, intelligence, etc.).
      o Assist IT teams in implementing recommendations to address vulnerabilities.
      o Ensure follow-up of action plans and remediation measures until their effective closure.
    ▶ Data Leakage Alert Management via DLP Systems:
      o Implement a DLP incident management policy covering email, web, and USB channels.
      o Handle L2 and L3 sensitive data leak incidents.
      o Industrialize the investigation workflow for fast and reliable processing of DLP incidents.
    ▶ Continuous Monitoring Control:
      o Industrialize security controls in accordance with regulatory requirements: DORA, NIST, ECB.
      o Review access rights and authorizations on the IS and applications.
      o Identify risks not covered by existing security measures.
      o Propose action plans to mitigate residual risks.
      o Design operational procedures to meet new control requirements.
      o Draft summaries of controls and reporting for managers.
    ▶ Definition and implementation of abnormal event detection solutions:
      o Implement automatic mechanisms for controlling, detecting, qualifying, alerting, and responding to incidents.
      o Prevent incidents, cover residual security risks by defining detection and response rules.
    ▶ Support for business units:
      o Handle users blocked by the security system (e.g., proxy, DLP, etc.).
      o Educate users on good security practices.
    ▶ Azure Cloud Resource Management:
      o Administration and management of cloud resources on the Azure environment (VMs, robots, access, etc.).
      o VM monitoring and user access management.
    Vulnerability Management, Team Management, Security Review, Azure Cloud Resource Manager, Forensic Analysis
  • Société Générale
    Cybersecurity Expert
    BANKING AND INSURANCE
    September 2017 - June 2022 (4 years and 9 months)
    Paris, France
    Tasks:
    ▶ Responsible for DAST POC, conducting dynamic security audits using: WebInspect, AppSpider, and AppScan.
    ▶ Static source code audit of applications to identify application vulnerabilities using: Fortify and Checkmarx.
    ▶ Performing penetration tests on the applications and infrastructures of the Société Générale Group and its entities (CDN, BDDF, etc.).
    ▶ Coordinating external audits conducted by third-party security firms operating within the Société Générale Group.
    ▶ Collaborating with business units and CISOs to understand their security needs and integrate them into penetration testing scenarios aimed at verifying dreaded events.
    ▶ Defining the scope of penetration tests in pre-production and production environments, identifying and validating necessary prerequisites.
    ▶ Planning, coordinating, and monitoring PASF compliance audits and penetration tests.
    ▶ Writing detailed reports presenting identified vulnerabilities, associated risk levels, and recommended remediation plans.
    ▶ Technical presentation of audit results to business units, CISOs, and IT teams after penetration tests.
    ▶ Providing remediation plans to be implemented by the infrastructure and developer teams, then performing regression testing.
    ▶ Developing remediation plans for infrastructure and development teams.
    ▶ Performing regression tests to confirm the proper implementation of recommendations.
    ▶ Tracking the correction of identified risks via PROST/JIRA, in collaboration with business and project stakeholders.
    Penetration Testing, Vulnerability Management, Explaining cyber aspects to business units, Remediation Plan Monitoring, Static and Dynamic Audit

Education

  • Master in Cyber Defense and Information Security
    University of VALENCIENNES
    2016
    Master
  • Bachelor's degree in Networks & Telecom
    University of VALENCIENNES
    2014
    Licence (bachelor's degree) in Networks & Telecom

Certifications

  • ISO 27001 (Lead Implementer)
    PECB
    2023
  • CISSP (Certified Information Systems Security)
    CERTYOU (ISC)
    2021
