Freelancer profile translated to English.

Description

Atef Abdelkefi is a cybersecurity expert with a PhD in cybersecurity and 17 years of experience. Atef has a wide range of technical and human capabilities. In terms of technical skills, Atef is an expert in defining cyber strategy, governance, cyber risk management, cyber architecture, and cyber crisis management. Atef has leadership skills related to team management, as well as communication and influence skills. Atef worked at Accenture, IBM, Deloitte then created a cybersecurity consulting firm. His first mission was to help the CISO of Engie Digital implement its cloud-focused strategy by leading a plan to address cyber risks on the company's commercial platforms.

Later Atef joined La Mutuelle Générale as interim Cybersecurity and Compliance Manager. Atef's mission was to create a new cybersecurity and compliance department directly reporting to the CIO and to lead the cyber program of 29 projects due in June 2023 (management of cyber crisis resilience, vulnerability management, secure migration to the cloud, creation and management of SOCs based on Azure Sentinel, network segmentation, WAF deployment, MFA deployment, EDR deployment, Salesforce security, and deployment of the Microsoft 3-tier model).

Languages

French
Native or bilingual
English
Native or bilingual
Norwegian Bokmål
Fluent

Workplace preferences

Can work on-site

Paris (up to 50km)

Axione
Group CISO
TELECOMMUNICATIONS
March 2025 - Today (1 year and 3 months)
Paris, France
•Audit of NIS2 maturity and definition of the cyber roadmap
•GRC: definition of cyber policies, procedures, and standards
•Definition of a new operating model and redesign of the cyber team with the creation of three poles of 5 FTEs
•Define the organization for the execution of the cyber program (resources, organization chart, committee structure)
•Creation of operational and managerial KPIs
•Contribution and response to tenders and management of Third-Party risks
•Technical and managerial coaching of the new internal CISO
•Monitoring and quality control of the cyber program for NIS2 compliance, including:
oRedesign of the SIEM/SOC
oRedesign of the infrastructure and application vulnerability management
oHardening of East-West and North-South network segmentation
oRedesign of the administration SI
oSecuring directories (consolidation and hardening)
oHardening and implementation of the password policy
oGeneralization of MFA
oSpecifications for WAF deployment
oSpecifications for PAM solution deployment
oSpecifications for IGA solution deployment
ISO 27001 NIS2 PAM Individual Coaching RSSI
Solocal
Group CISO
SOFTWARE PUBLISHING
July 2024 - Today (1 year and 11 months)
Paris, France
• Cybersecurity maturity audit based on the NIST Framework and definition of the cyber roadmap
• Redesign of the cyber organization by creating three poles (GRC, Architecture, and SOC) and increasing staff from 2 to 5 FTEs in five months
• Define the organization for the execution of the cyber program (resources, organization chart, committee structure)
• Monitoring and quality control of the cyber program, including:
o Hardening of internet exposure
o Cloud security (VM, PAAS, and containers)
o Continuation of the Microsoft 3-Tier model deployment
o Rationalization and audit of WAF and Anti-DDoS (CloudFlare) deployment
o Workstation security and generalization of EDR (Defender/S1) deployment
o Creation of a vulnerability management system and improvement of the infrastructure & code vulnerability management process (Nessus)
o Improvement of the incident and cyber crisis response process by the SOC
o Improvement of Third-Party risk management processes
o Creation of cyber risk registers and improvement of enterprise risk management processes
o Creation of operational and managerial KPIs
o Organization of training for employees and developers (SoSafe, SecDojo)
Team Management Program Management NIST CSF WAF EDR Cloud Security Vulnerability Management Cybersecurity Architecture Risk Analysis and Management
TDF
Cybersecurity Director
INTERNET OF THINGS (IOT)
December 2023 - June 2024 (6 months)
• Definition of the cyber program and budget estimation (€2.1M) pre-Olympics
• Definition of the organization for the execution of the cyber program (resources, organization chart, etc.)
• Monitoring and quality control of the cyber program for 15 projects from December to June 2024, including:
o Cyber crisis management during the Olympics (Process, toolkit, Business Continuity Plan/Disaster Recovery Plan, backup site, etc.)
o Securing the AD and deployment of Semperis ADFR and DSP tools
o Deployment of an F5 WAF
o Securing broadcast industrial systems (hardening of network equipment, Radio & DTT, implementation of a Radius server)
o Deployment of a SIEM (Logpoint)
o Deployment of an EDR (Trellix) and NDR (Stamus)
o Deployment of an anti-DDoS & anti-phishing solution
Project Management Risk Management Strategic Roadmap Communication