Benjamin Plisson

After an initial experience as an independent cybersecurity consultant, I wanted to return to technical expertise to diversify my activities. While increasing my consulting activities in identity and security management for organizations such as OFII, I joined the access control team within the BPCE group during the merger phase with NATIXIS. My role within the team was, of course, to maintain the operational condition of the entire platform and its components, but above all to manage the migration of applications from the historical platform to the new merged BPCE / NATIXIS platform. I was therefore able to build relationships with the various client applications to support and advise them on this migration.

Returning to my desire to progress within cybersecurity and building on my cross-functional technical expertise in integration projects, I obtained a position within the Cyber Security Department under the direct responsibility of the CISO, who himself reported directly to the Secretary General. I arrived in a complex context where the technical stack and processes were obsolete. We were able to turn things around by quickly modifying business processes and launching various migration projects to more recent tools. The goal was to easily ensure the review and control of access to the most sensitive applications (regulatory constraints, critical business needs, etc.) and also to launch an evangelization effort among users to convince them of the usefulness and necessity of respecting the defined processes. We then worked on the processes for employee onboarding and offboarding to limit the risks of toxic rights and account sharing/selling.

In parallel with these access and identity-focused missions, I supported the IS transformation projects aimed at changing the entire technical architecture of the IS to rationalize needs. This was accompanied by the need to update myself on all regulations applicable to insurance operators. It is thanks to the work of the entire department and the support of my team that I was able to follow all this information and maintain the necessary level of information for proper support and risk management related to this transformation.

Within the central services of Société Générale, I successfully completed a mission as:

- Responsible for the installation and deployment of sec-ops tools Checkmarx, Codebashing, and Blackduck.

- Responsible for redesigning the organizational processes for vulnerability management and relations with application managers.