Olivier B.

Design of a secure architecture serving as a foundation for the instantiation of future cloud projects.

Writing dedicated CSP security policies and developing guidelines to secure consumed services.

Close collaboration with architects to define security foundations: firewall configuration, WAF, Forward Proxy, and implementation of CSPM (Cloud Security Posture Management).

Support for projects in integrating security best practices during their migration to the cloud.

Complete project support, from launch to final audit, with remediation plan application.

Interconnection of AWS with Microsoft Entra ID for user management, benefiting from advanced security features: MFA, Conditional Access, log management, etc.

Deployment of a multi-cloud centralized WAF, based on F5 XC in SaaS mode, with Microsoft Entra ID as the identity provider (IdP).

Study and implementation of network security solutions: outbound traffic management (Forward Proxy), secure exposure (WAF), inbound traffic control (firewall, ACL, Security Groups), IAM rights adjustment.

Source code verification via static and compliance analysis tools: GitLab SAST, Checkmarx, Terrascan, TFLint, Checkov...

Strengthening infrastructure security using solutions like Wiz and Security Hub.

Management of security audits within the cloud perimeter.

I joined the information systems department where I assist our internal clients in applying security, from the project's initial study to production.

My expertise in public clouds as well as in micro-services containerization systems allows me to be reactive to attack risks.

Responsibilities

- Implement Zero Trust principles

- Study of exit solutions (Forward proxy), exposure (WAF), IAM rights adjustment, securing access with security enablers, use of service mesh

- Securing artifactory sources (trivy, clair…)

- Code verification (gitlab sast, checkmarx…)

- Infrastructure hardening (kube-bench, kube-hunter, sonobuoy, GCP SCC Security Command Center, Wiz…)

- Technological watch on GCP and CaaS (Container As A Services)

- Project support with an end-to-end view

- Audit management within my scope

- KPI realization

- Facilitating meetings around cloud security

Context:

Following my previous mission within the CES Serveurs (Server Security Expertise Center), I was sponsored to join the Cloud expertise team, specifically the AWS Amazon Web Services part.

I assisted technical architects in adding security and ensuring compliance with security directives.

I participated in various committees as the security guarantor.

In parallel, I wrote security guides for each cloud functional component (EC2, EFS, FSX, S3, RDS, etc.). These security guides served as a framework for each service and a reference for remediation.

I collected all information per Azure/AWS cloud service, integrated it into a database, and used PowerBI to create dashboards with KPIs defined by the various CISOs. This information was also used to monitor service compliance and initiate remediation.

Responsibilities:

- Technological watch on AWS (new services available that could be useful, updates to existing services to be added to guides, services available in our region)

- Creation of security guides for new services and maintenance of existing ones

- Centralization of information in a database for easier exploitation

- Creation of custom dashboards

- Security representative in various architecture committees

Deliverables:

- Security guides for AWS cloud services (FSX, EFS, BACKUP, EC2, S3...)

- Monthly dashboard of the status of Azure and AWS cloud services on PowerBi

Technical and functional environment

- Organizational skills (audit management)

- Linux system skills (Ubuntu, Redhat, Suze, Debian, Solaris), Azure Cloud, AWS

- Crisis management, CERT alert (ANSSI)