You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Makan SidibeMS

Makan Sidibe

Senior Cybersecurity & Risk Management Consultant

€835/day
Paris, FR
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Makan

Hello,

I am Makan, I have a dual expertise: on one hand, I can provide security support for business projects, and on the other hand, I am an expert in technical subjects.

Seeking a variety of missions:

• Consulting: risk analysis, contribution to the implementation and improvement of the IS Policy, support for business projects, risk management and integration of security into projects, security accreditation (e.g., LPM), GDPR compliance, security management, framing, study, and support for the implementation of security projects.

• Organization and Management: CISO, Program Director, Project Manager, Consulting Mission Management, Penetration Test Audit Management, Crisis Management (Forensic).

• Technical Expertise: Security Architect, Authentication Solution Expert, Encryption Solution Expert, Electronic Certificate Management, Application Code Audit, Vulnerability Scanning.

• Other Expertise: DPO assistance, support for legal and procurement departments in integrating security into contracts.

• Awareness:
- Through password cracking campaigns on Active Directory.
- Through simulated phishing campaigns.
- On daily security management: ransomware cyberattacks, email (phishing), external device management, data exchange with external parties, etc.
- On GDPR compliance and the need for personal data security.
- On adherence to the client company's security policy.
- To business units on integrating security into projects (cloud solutions, risks related to Shadow IT).
- To developers on incorporating security into application development.

• Other types of missions will be considered, and I will respond favorably if I have the skills or know-how.

See you soon.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km), Paris (up to 100km)

Experience

  • Crédit Agricole Assurances
    IS Support and CISO
    BANKING AND INSURANCE
    February 2020 - Today (6 years and 5 months)
    Paris, France
    CISO Assistance and various missions
    • Assisting the CISO in their duties:
    o IS Security Organization: monthly security committees, resource and skills management.
    o Managing security integration in V-cycle and agile projects (Security Risk Analysis, DevSecOps, framing and management of security audits).
    o Implementation and operational management of security:
    ▪ Security Architecture and Standards.
    ▪ Participation and role in Cyber Crisis Management.
    ▪ Incident and vulnerability handling.
    ▪ Security configuration guide for IS components.
    ▪ Design and deployment of security solutions.
    ▪ Security watch.
    o Management of continuous controls in conjunction with the IT Risk Manager: vulnerability, security incident, obsolescence management, monitoring of Internet online services, etc.

    • Other Missions:
    o Security Architect and Technical Expert in supporting technical and business projects.
    o Security lead for the Group's data platform (Big Data) at CAA:
    ▪ Functional, organizational, and documentary audit of the platform.
    ▪ Management of pentests on the entire platform (technical foundation, system, and application).
    ▪ Definition of the data platform's security strategic plan (budget of 2.5 million euros).
    ▪ Monitoring of the strategic plan's implementation.
    ▪ Definition of a security framework for the data platform (Security and Resilience).
    ▪ Definition of a reference framework for Data Access Management.
    ▪ Performance of risk analyses on platform use cases (data exposure via APIs, AI, IFRS, AML/CFT, Archiving and Data Purge, etc.)...
    ▪ Etc.
    o M365 Security Lead:
    ▪ Performance of risk analysis for the technical foundation.
    ▪ Performance of risk analyses on applications and uses (collaboration tools, messaging, Teams applications, etc.).
    ▪ Implementation of a data classification framework.
    ▪ Monitoring of residual risks.
    ▪ Recommendation of security solutions.
    o Definition and Management of DevSecOps implementation:
    ▪ Performance of a review of work carried out (organization, process, automation, etc.).
    ▪ Construction of the trajectory towards the DSOMM (DevSecOps Maturity Model) target in line with the IS strategic plan: Software factory, Acculturation & Organization, Implementation, Information Gathering, Audits & Tests.
    ▪ Definition of a new governance around DevSecOps activities, deployment of security champions in squads, definition of security gates.
    ▪ Definition of indicators and monitoring thresholds.
    ▪ Study of the implementation of a GRC tool (Security Framework).
    ▪ Activity animation: newsletter, Mob hacking sessions, etc.
    o Management of the implementation of CAA Group's email domain security plan: deployment of SPF, DKIM, DMARC protocols.
    o Implementation of the CAA Group's inventory of applications and Internet online services, followed by the management of continuous monitoring policy implementation.
    o Support and training of new hires on the Crédit Agricole group's risk analysis method.

    Technical environment: M365, Checkmarx, MAPR Secure, Ambionics, Tenable, Merox, Docker, Kubernetes, Jinkins, XRAY, AquaSec, Trivy.
    CISO Assistance DevSecOps GRC Risk Analysis ISO 27001 ISO 27005 Office 365 Microsoft 365 SPF DKIM DMARC trivy AquaSec Security Governance IS Governance
  • Pacifica
    Senior Consultant, Business Support, CISO and Deputy CISO
    BANKING AND INSURANCE
    April 2014 - Today (12 years and 4 months)
    Paris, France
    IS Security Support and CISO

    • Management of SIIS (Strategic Information System) accreditation for Pacifica.

    • Direction and management of recommendations for the CARS program (Crédit Agricole Security Reinforcement), a program dedicated to the application of the LPM (Military Programming Law).

    • Support for the implementation of GDPR (General Data Protection Regulation):
    o Performance of DPIAs on identified processing activities.
    o Gap analysis on applications to identify security measures required for compliance.
    o Development of a 3-year compliance plan for business applications.

    • Framing and implementation of code audit processes:
    o Solutions benchmark.
    o Management of the implementation of the chosen solution.
    o Definition of the code audit process.

    • Risk analysis and support for business and technical projects:
    o Risks related to IT service outsourcing, data localization, personal data, and provider selection...
    o Support for business projects and MESARI risk analysis: online contracting (auto, home, legal protection, agricultural, etc.), smartphone applications, customer feedback collection campaigns, A/B Testing, online claim reporting, electronic reporting (eConstat), customer connection...
    o Support for technical projects: smartphone applications, workstations, printers, multi-factor authentication, voice over IP (WebRTC), data center relocation, backup strategy, etc.
    o Support for architects on the security aspects of the solution's technical architecture.
    o Integration of vulnerability remediation processes into projects (vulnerability scanning, penetration testing, code audit).
    o Awareness raising, sharing, and enrichment of the security reference framework for its adoption by development teams.

    • Support for the legal department, DPO, and CISO to facilitate the integration of security and GDPR clauses into outsourcing contracts for hosting, objectives:
    o Raise awareness among business and technical project managers about GDPR and the security risks of information systems (IS) related to any outsourcing of business applications.
    o Provide a consistent approach to detect procurement projects for outsourced platform services (Shadow IT).
    o Implementation of a security questionnaire to assess the maturity level of outsourced hosting providers.
    o Establishment of a set of standard contract clauses and a security requirements database, to be adapted according to the specific context of each infrastructure outsourcing project.

    • Study on the security aspects of business application eligibility for cloud hosting:
    o Definition of evaluation criteria.
    o Cloud vs. On-premise comparison.
    o SaaS solutions comparison.
    o Definition of security directives for applications containing personal or sensitive data.

    • Management of audit and penetration testing missions: WiFi, IPS infrastructure, telephony (WebRTC), workstations, printers, business applications, smartphone applications, Microsoft Azure, etc.

    • Source code audit of business applications with Checkmarx: analysis and qualification of vulnerabilities, definition of the remediation action plan.

    • Security project framing: deployment of security bastions (CyberArk), log management, code audit, workstation encryption with ZoneCentral, etc.

    • Framing and Implementation of SIEM and SOC.

    • Other activities:
    o GDPR Lead.
    o Security Integration in Projects Lead.
    o Lead and functional role within the IS Security team.
    o Risk Treatment Plan.
    o Management of the business continuity plan for Pacifica subsidiaries.
    o Management of the risk dashboard monitoring (strategic and operational indicators).

    Technical environment: Checkmarx, Microsoft Azure, CyberArk, Splunk, ZoneCentral...
    CISO Risk Analysis Program Management Application Security Business Project Support Security Accreditation security management Audit Management DPO Support Security Integration in Projects Code Audit Process
  • CA.SA (Crédit Agricole)
    Security Consultant
    BANKING AND INSURANCE
    February 2012 - June 2012 (4 months)
    Paris, France
    Distributor IS, Producer IS:
    Support for CASA in implementing a global access control strategy for Distributor IS and Producer IS interconnections.
    • Facilitation of working meetings with Crédit Agricole entities (CAAGIS, PREDICA, etc.).
    • Presentation of a state-of-the-art on customer identity management and securing service calls between partner IS.
    • Joint analysis of different scenarios leading to the definition of a shared strategy on these topics.
    Authentication Authorization Management IAM WebSSO SAML

Recommendations

Be the first to recommend Makan

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Engineer
    Télécom Lille (Mines-Télécom)
    Sécurité des systèmes d’information et sûreté de fonctionnement

Skill set

Categories