Kevin Mougel

Senior Cybersecurity Consultant and Part-time CISO, I support SMEs, mid-cap companies, and growing organizations in structuring their IS security governance, managing their cyber risks, and steering their security transformation programs.

I work across the entire cyber value chain, from defining security strategies and roadmaps to the operational implementation of protection measures. This approach allows me to support executive management, CIOs, and CISOs in decision-making while staying closely connected to the technical realities of the teams.

My expertise covers IS security governance, risk analysis (ISO 27005), defining cybersecurity master plans, compliance support, security architecture, cyber program management, and securing critical infrastructures.

Thanks to my strategic and technical background, I can also support the design of security architectures, the deployment of protection solutions (EDR/XDR, IAM, firewalls...), the improvement of detection and incident response capabilities, as well as the setup and management of SOCs and Cyber Fusion Centers (Next Gen SOC).

I regularly intervene in contexts of cyber crisis management, organizational transformation, or strengthening security posture. I also support organizations in budget management for their cybersecurity investments, defining operational models, and recruiting or structuring cyber teams adapted to their challenges.

This dual expertise, combining governance, architecture, management, and operational expertise, allows me to transform strategic orientations into concrete, pragmatic, and measurable systems that create business value.

Purple Team Lead specializing in cyber defense governance, Cyber Fusion Center (Next Gen SOC) architecture, risk management, and cyber crisis management. I have supported SMEs and mid-cap companies in strengthening their security posture, improving their resilience against cyber threats, and structuring their cyber defense capabilities.

In this capacity, I conducted risk analyses according to ISO 27005 principles, led Threat Modeling exercises, and assisted management in defining cybersecurity strategies tailored to their business needs. I also participated in drafting security policies and standards (PSSI, procedures, standards), regulatory compliance, and developing security roadmaps.

I managed projects for the design and transformation of Cyber Fusion Centers (Next Gen SOCs), defining operational models, detection and incident response capabilities, and associated security architectures. I contributed to the selection of security solutions (SIEM, SOAR, EDR/XDR), the definition of performance indicators, budget construction and monitoring, and the management of strategic partners.

To improve threat anticipation and decision-making, I participated in Cyber Threat Intelligence (CTI) activities, identification of priority threat scenarios, and strengthening of cyber crisis management systems.

As a manager and technical leader, I led expert teams and supported cyber transformation programs combining governance, security architecture, and cyber defense operations. I participated in the recruitment, supervision, and skill development of multidisciplinary teams, while developing investigation, detection, and incident response capabilities aligned with business needs and security objectives.

As Head of Cyber Security, I participated in defining and developing the company's cybersecurity offering, structuring activities, operational models, and cyber defense capabilities for VSEs, SMEs, and mid-cap companies.

I supported management in defining their cybersecurity strategy, risk management, regulatory compliance, and building roadmaps to align security investments with business, operational, and resilience needs.

In this capacity, I designed and structured Security Operations Centers (SOCs) and CERT capabilities, integrating EDR/XDR, SOAR, Cyber Threat Intelligence (CTI), and incident response technologies to enhance detection, investigation, and remediation capabilities against cyber threats.

I also contributed to securing critical infrastructures and sensitive environments, particularly around Active Directory issues, information system protection, and strengthening organizations' security posture.

In parallel, I participated in strategic scoping, architecture, and pre-sales phases for complex cyber projects, while ensuring the performance management of security systems, optimization of operational models, and continuous improvement of cyber defense capabilities.

This experience provided me with a comprehensive understanding of cyber challenges, combining strategy, governance, architecture, business development, and supporting organizations in their transformation and security projects.