You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Mouhamadou ThioubMT

Mouhamadou Thioub

Expert PKI & HSM | Post-Quantum Cryptography

€750/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Mouhamadou

Expert in applied cryptography, I design and operate PKI, HSM, and CLM infrastructures for major French clients in the public sector and digital trust.

I notably work on shared HSM platforms serving critical clients: key ceremonies, incident management, operation, and maintenance of a multi-brand HSM fleet.

With a high-level academic background in cryptography, I combine solid theoretical expertise (post-quantum cryptography, homomorphic encryption, isogenies) with over 5 years of operational experience on critical infrastructures.

🎯 MY INTERVENTIONS

• PKI/IGC Architecture & MCO (ADCS, EJBCA, HashiCorp Vault, Sectigo)
• Integration of public certification authorities (Sectigo, DigiCert, GlobalSign)
• Operation of multi-brand shared HSM platforms
• Key ceremonies, key loading, rotation, post-KC validation reports
• Incident and cryptographic governance management
• CLM Platforms (BerryCert, Horizon)
• Migration to post-quantum cryptography (ML-DSA / FIPS 204, ML-KEM / FIPS 203)
• Technical documentation: DAT, DEX, HLD/LLD, PC/DPC, key ceremony procedures
• ANSSI, eIDAS, RGS, NIS2, FIPS 140-3 compliance

🛠️ STACK

PKI: ADCS, EJBCA, HashiCorp Vault, Sectigo, OpenSSL
HSM: Thales Luna, Trustway Proteccio (Bull/Atos), Utimaco
KMS: Thales CipherTrust
CLM: BerryCert (DigitalBerry), Horizon (Evertrust)
Protocols: PKCS#11, KMIP, X.509, OCSP, CMP, SCEP, EST
PQC: ML-DSA (FIPS 204), ML-KEM (FIPS 203), SLH-DSA
Systems: Linux RHEL/Debian, Windows Server, Docker, Kubernetes

💼 RECENT MISSIONS

• Major public digital trust operator — Shared HSM Platform & PKI (ongoing)
• Key player in the public health sector — Cryptography & Security
• Public higher education institution — PKI Interoperability Standard

🚀 In parallel, I lead ZetaCert Technologies, a French publisher of post-quantum PKI/CLM solutions.
  • French

    Native or bilingual

  • English

    Fluent

Can work on-site
Paris (up to 50km), Lille (up to 50km), Lyon (up to 50km)

Experience

  • La Poste
    Expert Cryptography/PKI/HSM
    PUBLIC SECTOR
    April 2026 - Today (4 months)
    Ivry-sur-Seine, France
    PKI/HSM expertise mission in progress for a digital subsidiary of the La Poste Group, French leader in digital trust. Intervention on a shared HSM platform serving numerous critical clients.

    🎯 RESPONSIBILITIES

    • Operation and MCO of a multi-brand shared HSM platform
    • Organization and conduct of key ceremonies for platform clients
    • Drafting and formalization of post-key ceremony validation reports
    • Level 3 support and cross-functional expertise on PKI, HSM, and cryptography topics
    • Contribution to the architecture and design of platform evolutions
    • Critical incident management on shared HSM infrastructure
    • Production of reference technical documentation: DAT, DEX, key ceremony procedures, validation reports, PKCS#11 test suites
    • Consulting and support for internal clients on integrating their cryptographic use cases
    • Monitoring and anticipation of regulatory changes (FIPS 140-3, post-quantum, ANSSI)

    🛠️ TECHNICAL STACK

    • HSM: Thales Luna, Bull Trustway Proteccio (netHSM), Utimaco, Entrust nShield
    • KMS: Thales CipherTrust
    • Protocols: PKCS#11, KMIP, TLS/mTLS, X.509
    • PKI: ADCS, EJBCA
    • Systems: Linux RHEL, Windows Server
    • Standards: FIPS 140-3, ANSSI, eIDAS, RGS

    🎯 CONTEXT & CHALLENGES

    Critical cryptographic platform operated for demanding clients (public sector, operators of vital importance, digital trust actors). Environment with very high requirements for availability, compliance, and traceability, with rigorous cryptographic governance.
    HSM KMS PKCS#11 CLM Cryptography
  • Caisse Nationale d'Assurance Maladie
    Security Administrator / PKI
    PUBLIC SECTOR
    January 2022 - March 2026 (4 years and 2 months)
    Saint-Quentin-en-Yvelines, France
    4-year PKI/HSM expertise mission with Assurance Maladie, a major player in the French public health sector. Intervention on critical cryptographic infrastructures at the heart of the French healthcare system.

    🎯 RESPONSIBILITIES

    • Operational management and exploitation of the PKI/HSM infrastructure
    • Contribution to the InterOPS interoperability standard for secure exchange between healthcare stakeholders
    • Certificate lifecycle management: issuance, renewal, revocation
    • Securing inter-application exchanges via mTLS (mutual TLS) on a large fleet
    • Implementation and operation of OCSP responders for real-time certificate validation
    • Generation, distribution, and supervision of CRLs (Certificate Revocation Lists)
    • Integration and operation of the ACME protocol for certificate issuance automation
    • Key ceremonies and key loading operations on HSM
    • Supervision and monitoring of PKI and HSM infrastructures
    • Operational maintenance and incident management

    🛠️ TECHNICAL STACK

    • PKI: ADCS, EJBCA, OpenSSL
    • HSM: Bull Trustway Proteccio, Entrust nShield
    • Protocols: X.509, OCSP, CRL, ACME, mTLS, SCEP, PKCS#11
    • Standards: InterOPS (health PKI interoperability)
    • Systems: Linux, Windows Server

    🎯 CONTEXT & CHALLENGES

    Critical infrastructure operated for a major public health sector player, in an environment with high demands for availability, compliance (ANSSI, RGS), and security.
    PKI F5 ADCS HSM CLM
  • Chambre de commerce
    PKI Engineer
    EDUCATION AND E-LEARNING
    January 2020 - December 2022 (2 years and 11 months)
    Cergy, France
    2-year mission with CCI Paris Île-de-France as a PKI and cryptography engineer. Involvement in the entire infrastructure lifecycle: design, deployment, MCO, and evolutions.

    🎯 RESPONSIBILITIES

    • Design and deployment of an enterprise PKI based on Microsoft ADCS (Active Directory Certificate Services)
    • Operational maintenance (MCO) of the existing PKI and management of evolutions
    • Implementation of OCSP and SCEP protocols for certificate authentication and validation
    • Daily management and administration of security and PKI tools
    • Participation in the migration and optimization of PKI and cryptographic infrastructures
    • Supervision and monitoring of security infrastructures
    • Automation of certificate lifecycle management processes
    • Training and support for internal technical teams on the fundamentals of cryptography and cybersecurity

    🛠️ TECHNICAL STACK

    • PKI: Microsoft ADCS, OpenSSL
    • Protocols: X.509, OCSP, SCEP, PKCS#10, PKCS#12
    • Systems: Windows Server, Active Directory
    • Scripting & automation: PowerShell

    🎯 RESULTS

    • Operational enterprise PKI compliant with security standards
    • Reduction of operational load through automation
    • Upskilling of internal technical teams on cryptographic challenges
    PKI EJBCA SCEP ADCS Cryptography

Recommendations

Be the first to recommend Mouhamadou

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Skill set

Categories