About Flavio
- Anticipating the requirements of the Cyber Resilience Act (CRA) and the RED directive
- Assessing the security of your products (audit, vulnerability analysis, embedded / IoT pentest)
- Conducting risk analyses (EBIOS RM) adapted to your systems
- Identifying security flaws in your firmwares, protocols, or architectures
- Performing penetration tests (software & hardware) on embedded and IoT systems
- Code audit and firmware security analysis
- Implementing security mechanisms: secure boot, cryptography, key management (PKI)
- Analysis and security of communications (embedded protocols, IoT)
- Compliance support: EN 18031, ANSSI best practices
- Integration of Secure by Design principles
- Contribution to the robustness and resilience of connected products
- Secure your products without slowing down your time-to-market
- Quickly identify critical vulnerabilities
- Provide targeted technical expertise without burdening your teams
- One-off audit / pentest
- Project support
- Technical support for your security developments
- Training your teams (embedded cybersecurity, IoT, cryptography, CRA/RED)
French
Native or bilingual
English
Fluent
Experience
- Serma Safety and SecurityEmbedded & IoT Cybersecurity ConsultantINTERNET OF THINGS (IOT)November 2025 - Today (9 months)Paris, France
🔒 Firmware & Cryptography Security Audit (Hitachi)
- Security audit of firmwares on payment terminals and railway systems, with in-depth analysis of encryption mechanisms, key management, and cryptographic primitives. Work carried out in compliance with PCI PTS and EMVCo standards. Identification of critical vulnerabilities (flawed key management, weak cryptographic implementations, integration flaws) and prioritized corrective recommendations for technical teams.
🎯 Automotive ECU Pentest — USB, Wi-Fi, Bluetooth (Renault)
- Penetration testing on embedded control units (ECUs) via USB, Wi-Fi, and Bluetooth interfaces, as part of automotive cybersecurity projects. Identification of attack surfaces and exploitation vectors on connected vehicle systems.
🎓 Embedded Linux Security & DevSecOps Training (Merck, KNDS, Atraltech)
- Design and delivery of customized training programs for major clients, covering embedded Linux security, Secure Coding, and DevSecOps integration on industrial Linux systems.
📋 IoT Regulatory Compliance — CRA & RED
- Support for compliance with the Cyber Resilience Act (CRA) and the RED Directive (Radio Equipment Directive), to secure the product lifecycle of connected objects from the design stage.
🛡️ Securing Embedded Systems & IoT
- Strengthening the security of embedded and IoT architectures: secure boot, secure OTA updates, and cryptography applied to constrained environments.
- Commissariat à l'énergie Atomique (CEA)R&D Cybersecurity Engineer in Cryptography (Post-Quantum)DEFENSE AND MILITARYMay 2024 - October 2025 (1 year and 5 months)Grenoble, France
- Research and vulnerability analysis in cryptographic C code, particularly in post-quantum cryptography (PQC), using static and dynamic analysis tools
- Evaluation, benchmarking, and selection of security tools (SAST, DAST, fuzzing) adapted to sensitive environments
- Contribution to security certification processes: Common Criteria (CC), CESTI evaluations, compliance with ANSSI standards
- Monitoring and support for migration to post-quantum cryptography (PQC) according to ANSSI, BSI, and NIST recommendations
- Participation in defining security requirements and cryptographic best practices
- Crédit AgricoleCybersecurity Officer – Cryptography & PKIAugust 2023 - May 2024 (9 months)78280 Guyancourt, France
- Relaunch of a critical cybersecurity project (PKI) initially interrupted (COVID), bringing it back into production and structuring the work
- Design and development of a certificate management tool (PKI) in Java
- Implementation and management of the certificate lifecycle (issuance, renewal, revocation)
- Strengthening the security of identity and key management infrastructures (PKI)
- Contribution to the reliability of security processes and business continuity
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master's degree in CybersecuritySorbonne UniversitéRéseaux & Architecture : Architecture des Réseaux Développement sécurisé : Secure Coding Tests d’intrusion & audit : Ethical Hacking et Pentest, Audit de la Sécurité des SI Protection des données : Sécurité des Bases de Données, Sécurité des Communications Cryptographie : Primitives Cryptographiques et Fonctions de Sécurité Analyse avancée : Reverse Engineering
- Bachelor's degree in Computer ScienceSorbonne UniversitéArchitecture et systèmes : Architecture des ordinateurs, Fondements des systèmes d’exploitation, Programmation concurrente, Programmation Shell Développement et algorithmique : Algorithmique appliquée, Structures de données, Programmation objet, Programmation fonctionnelle, Programmation comparée Bases de données et génie logiciel : Bases de données relationnelles, Systèmes de gestion de bases de données, Génie logiciel Web & technologies avancées : Technologie du Web, Compilation, Sciences des données Sécurité & cryptographie : Sécurité informatique, Cryptologie Mathématiques & intelligence artificielle : Mathématiques discrètes, IA et jeux, Statistique et informatique Autres compétences : Logique, Architecture logicielle
Certifications
- EBIOS Risk ManagerPECB