Taiyo Philippe De Garate

As part of the Digital Business Application Services (DX-BAS) team in Tokyo, I supported the firm's digital transformation by developing secure Artificial Intelligence solutions and business web applications. Working in a 100% Japanese environment subject to very strict security standards (Big 4), I specialized in the reliability of LLMs and Responsible AI.

1. LLM Hallucination Detection

- Developed a Python script using the OpenAI API to extract and analyze logprobs of tokens in generated responses.

- Created a confidence score calculation algorithm to mathematically measure the AI's certainty for each produced sentence.

- Modeled and visualized data using graphs (Boxplots) to precisely identify the AI's micro-hesitations on critical data (dates, amounts).

2. Responsible AI (RAI)

- Audited and implemented open-source solutions from the RAI foundation to ensure the fairness and security of AI models.

- LLM Security: Deployed LLM Guard to secure incoming/outgoing data flows (prevention of Prompt Injection attacks and Data Loss Prevention via custom Regex).

- Bias Detection: Evaluated "black box" Machine Learning models (Random Forest) using the FairML library, allowing analysis of variable importance and correction of algorithmic biases to ensure fair decisions.

3. Full-Stack Web Development & Automation (Next.js / TypeScript)

- Developed the front-end of a secure internal process automation platform.

- Implemented a secure architecture: JWT authentication management, REST API integration (Swagger/OpenAPI), and administrator/user role management.

- Worked in Agile methodology (Azure DevOps), with a rigorous process of versioning, Pull Requests, and code reviews.

Within ENGIE Solutions' IT department, I supported the Cybersecurity division in enhancing the security level of exposed web applications (reducing the attack surface) and optimizing internal processes.

My main achievements (focused on automation and investigation):

1. SecOps & Audit Automation (AppSec):

- Developed from scratch a Python script (Selenium, Tkinter) automating security tests on ENGIE web applications.

- Interfaced and automated scraping of 5 analysis tools (Mozilla Observatory, Csper, SSL Labs, Shodan, IKWYD) for evaluating SSL/TLS configurations, CSP policies, and identifying open ports.

- Result: Complete elimination of manual reporting tasks, significant time savings for the Cyber team, and automatic generation of audit reports.

2. Threat Hunting & OSINT:

- Open-source intelligence (OSINT / Google Dorks) investigation campaigns to identify sensitive data leaks exposed on the web.

- Identified a leaked confidential document and reported it critically to the SOC (Security Operations Center) for remediation.

3. Governance, Risk & Compliance (GRC):

- Project Security (IdSP): Participated in risk analysis (Availability, Integrity, Confidentiality, Traceability) to secure applications before their production release.

- Mapping & Obsolescence: Created dynamic dashboards in Power BI to map critical assets, identify hardware obsolescence, and prioritize remediation actions.

- IAM Audit: Checked authentications and detected inactive accounts (post-departure) to reduce the risk of compromise.

- ICS / OT Awareness: Immersed in industrial cybersecurity issues (securing sensitive sites, compliance monitoring, firewall deployment).