About Cyril
- DevSecOps & CI/CD → Secure pipelines, scanning, image signing, shift-left security
- Supply Chain Security → SLSA Level 1-3, Chainloop, SBOM (Syft/Tern)
- Container Security → K8s RBAC, OPA/Kyverno, admission controllers
- Corporate Security → CrowdStrike/SentinelOne, Splunk, pfSense/NextDNS, Jamf
- Vulnerabilities → DefectDojo, continuous scanning, SAST/DAST, AI pipelines for autonomous vuln discovery
- Zero Trust → Twingate, ZeroTier, OpenZiti, Cloudflare Access
- IAM → Teleport, OIDC/OAuth, Okta, Azure AD/Entra ID, Yubikeys
- Encryption → BYOK, CMK, envelope encryption, KMS/HSM (France), TEEs
- Compliance → GDPR, SOC2 Type II, ISO 27001, NIST
- Cloud → GCP, AWS, Hetzner, multi-cloud
- IaC → Terraform, Ansible, GitOps
- Containers → Kubernetes, Helm, Kustomize
- Dev → Go, Python, Shell
- Ops → Monitoring, logging, alerting, tracing, disaster recovery, backup
- Self-Hosted → Vaultwarden, GitLab, Mattermost, Supabase, NextCloud
- Database Security → Field-level encryption, searchable encryption
- Secrets → Cold storage (root CAs, master keys), secret mgmt
- Privacy Tools → Encrypted DNS, SimpleX, obfuscation
- Confidential Compute → MPC, TEEs
- Guardrails → content filtering, PII redaction
- Compliance → GDPR, EU AI Act
- Sovereignty → confidential AI training and inference (in enclaves)
French: Native or bilingual
English: Native or bilingual
Experience
- Katvio.com | Founder (freelancing company) | TECH | December 2020 - Today (5 years and 6 months) | Toulon, France
Helping businesses meet defense and military-grade security standards:
- DevSecOps: Security-first development practices and CI/CD security
- Supply Chain Security: SLSA Level 1-3 compliance implementation, Chainloop for attestation
- Code Analysis: SBOM generation with Syft/Tern, dependency scanning
- Container Security: K8s RBAC, OPA/Kyverno policies, admission controllers, running containers in TEEs
- Corporate Security Tools: Jamf Pro (MDM), CrowdStrike & SentinelOne (EDR), Splunk (SIEM), pfSense & NextDNS & LittleSnitch & LuLu (firewalls)
- Vulnerability Management: DefectDojo integration, continuous scanning
- Infrastructure Security: Cloud native security, bare metal hardening, AppArmor
- Zero Trust: Network policies with Twingate, ZeroTier, OpenZiti, Cloudflare Access, Zscaler
- Access Management: Teleport, OIDC, Identity Providers (Okta, Azure AD/Entra ID, Google Workspace), Yubikeys
- Key Management: BYOK, CMK, envelope encryption, TEEs
- Database Security: Implement a proxy that sits between your app and your DB, offering field-level encryption and searchable encryption
- Cold Secret Storage: cold storage and long-term backup of critical digital assets such as root CAs or backup encryption master keys
→ See https://katvio.com
- NAVAL GROUP | DevSecOps Engineer | December 2020 - July 2022 (1 year and 7 months)
→ In the Tooling & DevSecOps division.
→ Project details subject to NDA; available upon request.
Contributed to the development and enhancement of an enterprise-grade build automation and security platform:
Security & Compliance:
- Integrated SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) engines for continuous security scanning
- Implemented SCA (Software Component Analysis) for vulnerability detection in dependencies
- Automated SBOM (Software Bill of Materials) generation for supply chain transparency
- Code signing and artifact signing for build integrity verification
- Dependency pinning and hash verification to prevent supply chain attacks
CI/CD & Build Infrastructure:
- Distributed parallel build orchestration across multiple geographic sites
- Multi-language support (various programming languages, COTS & OSS components)
- Automated code coverage analysis and quality gates
Repository & Artifact Management:
- Secure binary and Docker registry management with image signing
- Container image scanning and vulnerability assessment
Supply Chain Security:
- Dependency graph analysis and vulnerability tracking
- Protection against typosquatting, dependency confusion, and package masquerading attacks
- PeopleSpheres (on Malt) | Security Architecture of a SaaS (data encryption) | SOFTWARE PUBLISHING | March 2024 - July 2024 (4 months) | Montpellier, France
- Project 1: Wrote a security architecture document describing an application-level encryption system of type 'envelope encryption' based on a KMS provider for key storage, as well as all related security: cloud native, IAM, server level, networking, etc.
- Project 2: Implementation of a feature flagging solution.
- Project 3: Creation of a request for proposals document for migrating from private cloud (on-premise) to public clouds (GCP, AWS, Azure).
- Project 4: Migration of CircleCI pipelines to GitHub Actions.
Education
- Engineering degree, Computer Science | Ecole des Mines d'Alès | 2019 | Computer Science, Software Development, CyberSecurity, DevOps and Infra
- Executive Education, Change Management | INSEAD | 2020 | Executive Education, Change Management
Certifications
- Created a portable secure file encryption tool for securely cold storing critical information. Protect your most critical assets—crypto wallets, SSH keys, passwords, and sensitive documents—with information-theoretic security designed for safe long-term storage. A robust long-term backup solution that combines AES-256-GCM encryption with Shamir's mathematically proven secret sharing.
- Early warning system against crypto platform collapses. Built a system that monitors for unusual patterns, negative sentiment spikes, and other risk indicators that often precede platform failures. SwanWatch uses advanced AI to analyze social media sentiment and on-chain data, 24/7. Tech stack: Next.js, React, TS, Tailwind CSS, Node.js, Python, Supabase, custom AI and NLP models, blockchain RPC nodes and indexers, Ansible.