Freelancer profile translated to English.

Description

Cybersecurity pentester specializing in web, API, AI, and exposed surface penetration testing. I conduct offensive audits for SMEs with 10 to 100 employees to identify critical vulnerabilities before they become incidents.

My methodology follows OWASP (WSTG, API Top 10, LLM Top 10), PTES, and MITRE ATT&CK frameworks, with a manual approach focused on business logic and vulnerability chaining.

Specifically, I am involved in:

→ Web application pentesting (OWASP Top 10, business logic, SSRF, RCE, IDOR)

→ API penetration testing (REST/GraphQL: BOLA, BFLA, auth, rate-limit, secrets)

→ AI/LLM security audits (prompt injection, jailbreak, data leakage, agent autonomy)

→ SaaS testing (multi-tenant isolation, RBAC, cross-tenant)

→ Cloud & infrastructure pentesting (IAM configurations, exposure, CIS Benchmarks)

→ Mobile assessment (local storage, encrypted communications)

Delivery of a structured report including: executive summary for management, proof of concepts (PoCs) mapped to CWE/CVSS, prioritized remediation plan, business impact matrix (GDPR, NIS2, DORA), and re-test attestation.

Founder of Laucked, a French cybersecurity firm based in Toulouse. Each mission is carried out directly by the founders, without subcontracting, with a free initial surface diagnostic to prioritize risks.

Areas: SME/Mid-cap Cybersecurity, Application Security Audits, Consulting and Audits, E-commerce, Digital Enterprises, Digital and IT Services.

Languages: French (native), English (professional).

Industry field of expertise

Languages

French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Colomiers (up to 50km)

Laucked - Plateforme de Sécurité IA
Founder & Cybersecurity Pentester
PUBLIC SAFETY
January 2025 - Today (1 year and 5 months)
Toulouse, France
French cybersecurity firm based in Toulouse, specializing in supporting SMEs and mid-cap companies. Co-founded with a direct approach: each mission is carried out by the founders, without subcontracting or junior profiles.

Services offered:
- Expert Pentesting for Web, API, AI/LLM, SaaS, and exposed surfaces
- Free surface diagnostic (72h) to identify exposed elements and prioritize risks
- Guard: continuous security monitoring and surveillance between missions

Methodology: OWASP (WSTG, API Top 10, LLM Top 10), PTES, MITRE ATT&CK, and CIS Benchmarks frameworks. Manual approach focused on business logic and vulnerability chaining.

Deliverables: Comprehensive report including executive summary (management), proof of concept (PoC) mapped to CWE/CVSS, prioritized remediation plan, business impact matrix (GDPR, NIS2, DORA), and re-test attestation.

Areas of intervention: SME/Mid-cap Cybersecurity, E-commerce, Public Sector, HealthTech, FinTech.
Penetration Testing Web Pentest Red Team LLM Security OWASP LLM
IUT 3 Paul Sabatier
AI Engineer
March 2024 - December 2024 (9 months)
Toulouse, France
Full RAG pipeline with PII detection (SpaCy NER), Redis semantic cache, and conversational memory. GLPI/ITSM integration for automated IT support. Docker/Kubernetes deployment with GitHub Actions CI/CD.
RAG Redis Kubernetes
Webmaniak
Machine Learning Engineer
July 2023 - February 2024 (7 months)
Toulouse, France
YOLOv8 anomaly detection pipeline (0.94 mAP@50). Edge optimization via structured pruning and INT8/TensorRT quantization — 60% inference time reduction. MLOps with DVC, Prometheus/Grafana monitoring.
TensorRT MLOps LLM Security