Amara Diomande

Within the ISR team - Group Cloud Security - 2.5 years Tasks and missions:

• "Go to Cloud" migration project: Security support for application migration to the Cloud

• General Company AWS Cloud Design: Secure architecture and risk analysis for hosted applications,

• AWS Cloud IAM Design: Implementation of IAM Policies, Permission Boundaries, and Trusted Relationships. 1 Security Referent for the BDDF business (Retail Banking) ITIM: integration of security into Cloud projects, Risk Analysis, Access Recertification for the AWS cloud perimeter and privileged accounts. 1 Security Supervision: SI security events, Management and operation of a security monitoring platform (Cnapp Palo Alto), Management and qualification of security alerts, Remediation of confirmed alerts.

• Drafting security policies for the Cloud perimeter.

• Participation in BCE (European Central Bank, the regulator) audit: Review and Implementation of BCE recommendations, Drafting of the evidence file for the ITIM BU, Continuation of post-audit work

Cyber risk analyst on various projects

Ebios RM risk analysis on the Enedis DMZ network zone construction project

-Implementation of network zones serving as DMZs with the objective of protecting the internal IS from the outside (internet).

-Scope: network infrastructure router/switch/Firewall, Proxy, WAF, AD directory, DNS, application servers, internet-exposed web portal...

- Conducted 5 Ebios RM workshops and defined the security workstream (Drafting risk sheets and associated measures sheets) + restitution meeting.

Ebios RM risk analysis on the DSIIMMO Project:

-Context: project to implement LAN WLAN WAN network infrastructure within the future Enedis IT department premises.

-Scope of risk analysis: infrastructure and network equipment (router, switch, wifi access point, ToIP, SAC), office automation (printers, workstations, server), remote site interconnection, infrastructure equipment (Directory, PKI, NAC, etc.), WAN network.

-Execution of the 5 EbiosRM workshops and monitoring of the security workstream.

Risk analysis (based on Iso 27005) on the deployment of WAFs and AV solutions: risk analysis and drafting of risk sheets and associated measures sheets.

Risk analysis (based on Iso 27005) on the HR business application (hosted on AWS Cloud): risk analysis and mapping of cyber threats, risks, and security recommendations.

ISP RUN: daily ISP activity (integrating security into projects)

-Cyber support for projects from design to production.

-Risk analysis using the internal AR tool for applications.

-Participation in IT department validation committees for application commissioning.

-Analysis of PSSI derogations

Contractual Support on several Projects

-Drafting and evaluation of PAS (Security Assurance Plans) from bidders.

On assignment at GROUPE BNP Paribas within the cybersecurity expertise team Tasks and missions:

• Level 3 Support (engineering) on: O Electronic Signature Solution MORPHO/IDEMIA Dictao

• PKI Infrastructure, Certification Authority, Strong Authentication (HID middleware) Cryptographic Module HSM (Hardware Security Module): Bull HSM

• Deployment of the new Bull TrustWay Proteccio firmware (X143 V143) qualified RGS (reinforced level) + Key Ceremony. Audit and elDAS certification (European elDAS certification for GROUPE BNP Paribas)

• Pre-audit preparation

• Correction of minor and major deviations RUN activities on the E-signature platform (ticket management, incident management, service continuity)