Hamza Darghouth

BNP Paribas Corporate and Institutional Banking (CIB) is the global investment banking arm of BNP Paribas, the world's largest banking group. BNP Paribas has been ranked by Bloomberg and Forbes as the largest bank and largest company in the world by assets, with over US$3.1 trillion.

I joined BNPP CIB in July 2021 as an Appsec/DevSecops expert in the Appsec team.

I performed the following tasks:

- Application source code and dependency audit

- Configuration of Fortify/Nexus detection rules

- Coaching developers/Security Champions on OWASP TOP 10

- Definition and monitoring of the application vulnerability remediation strategy

- Assistance with application vulnerability remediation

- Definition and integration of security requirements into the DevOps approach in terms of organization, processes, and controls.

- Design and implementation of a DevSecOps platform anomaly automated control framework (Vulnerability processing, SAST/SCA scans, Application onboarding/offboarding)

- Participation in GO/NO GO production committees (Security in projects/ISP)

- Team lead (3 consultants)

AXA is an international group specializing in insurance and asset management services. Founded in 1985, AXA is one of the world leaders in insurance and asset management, operating in over 50 countries worldwide. Its headquarters are located in Paris, France.

I joined the AXA GO SAST team in January 2020 as a SAST Tech Lead on the Checkmarx source code scanning platform.

I performed the following tasks:

- Integration of automated security tests (Jenkins, Checkmarx, GitHub, Azure DevOps, etc.)

- Administration and troubleshooting of the Checkmarx CxSast SAST platform

- Assistance to developers for vulnerability remediation

- Writing secure development guides

- Analysis of false positives

- Writing / optimizing Checkmarx CxQueries

- Development of a tool for generating KPIs from the Checkmarx API (REST, OData)

- Project management and coordination with different teams

SNCF is a rail transport giant in France. With over 120 years of history, it manages an extensive network of nearly 30,000 kilometers of railway lines. Every day, it transports approximately 4 million passengers and 300,000 tons of goods, making it one of Europe's largest rail operators. Furthermore, it employs over 250,000 people, contributing significantly to the French economy.

I joined the SNCF Red Team in 2018 as a Senior Pentester.

I performed the following tasks:

- Analysis of Android mobile application source code

- Study, formalization, and extraction of Indicators of Compromise (IoCs) in Windows environments to create custom SIEM rules

- Presentation of audit results to project committees

- Follow-up and post-patch verification of vulnerabilities