Sohan B.

Operational Security Consultant

€750/day
Paris, FR
3-7 years

Average response time: 1 hour

Freelancer profile translated to English.

About Sohan

With over ten years of experience in cybersecurity and the IT sector, encompassing both personal and professional projects, I have decided to offer my expertise in operational security as an independent consultant.

I have applied my operational security skills across numerous sectors, including banking, luxury goods, government, retail, education, and maritime industries.

I am proficient in a wide range of technologies, allowing me to offer a versatile profile capable of working on technical and functional aspects within various cybersecurity domains:

- System and network configuration audits (Firewalls, NIDS/HIDS, VPN, Windows/Linux (CIS / ANSSI Benchmarks, etc.)) and remediation through automation or documentation.

- Vulnerability Management
- SOC - SIEM implementation and security rule/alert configuration.
- Penetration Testing
- Incident Response.
- Identification and creation of vulnerability bulletins.
- Bastion hosts
- Zero Trust practices and SSO implementation with MFA and/or WebAuthn

  • French: Native or bilingual
  • English: Native or bilingual

Can work on-site
Paris (up to 10km)

Experience

  • Large retail
    Retail
    RETAIL (LARGE RETAILERS)
    June 2023 - Today (3 years)
    Villeneuve-d'Ascq, France
    Responsible for the build, run, and ongoing maintenance (MCO) of the international public and private PKI, providing service vision across different business units.
    - Automation of certificate deployment, renewal, and revocation (SCEP / EST) / Agent deployment (Ansible / Terraform) / Script development (Bash & PowerShell)
    - Implementation of an international "self-service" certificate management platform (WebRA)
    - Integration with MDM for certificate delivery
    - Secrets management / Keyvault
    - Migration of internal PKI from one vendor to another
    - Consolidation of PKIs from different business units into a centralized PKI
    - Consolidation of the corporate private and public PKI into a single interface (Improved self-service)
    - Fine-grained RBAC management at the project level for certificate management
    - DRP (Disaster Recovery Plan)
    - Malware analysis
    - Incident management
    - Implementation of automated incident response rules based on SOC alerts
    - Implementation of automated doubt resolution processes
    - Enrichment of alerts to improve log correlation
    - Automated retrieval of CMDB data to enable PKI RBAC
    - Retrieval and filtering of CSPM alerts for ingestion into SIEM
    - Chatbot for consolidating data from various log sources to simplify alert analysis for SecOps
  • SYNETIS
    Operational Security Consultant
    DIGITAL AND IT
    September 2021 - June 2023 (1 year and 9 months)
    Paris, France
    Client types: Luxury - Government - Retail - Energy - Finance

    Mission types: PKI - RFI - Information System and Security Supervision Solutions - Network Segmentation - System Hardening - Incident Response - Network Architecture - Firewall Optimization - DevSecOps - SOC - Vulnerability Management

    Scripting: Python / Bash / PowerShell

    Writing Customer Requirement Documents (CRD) - High-Level Design (HLD), Low-Level Design (LLD) - Certificate Policy (CP) - Certification Practice Statement (CPS) - Technical Architecture Document (TAD) - Flow Matrix - Technical Implementation Documentation
    Client relationship management during intense audit periods
    ELK Ansible Tenable.sc Wireshark EJBCA Cyberwatch Deep Security Opensearch LACP VLAN CIS Hardening Debian Jenkins Artifactory iptables Tufin Checkpoint Fortigate CentOS Centreon Nagvis ESXI SNMP ID-PKI ADCS AEP Palo Alto ADDS Splunk
  • Groupe SII
    Cybersecurity Consultant
    DIGITAL AND IT
    February 2021 - August 2021 (6 months)
    78140 Vélizy-Villacoublay, France
    Participated in a team to develop and deploy a secure virtual infrastructure representing the environment of a pharmaceutical company (manufacturer of a COVID vaccine). This company aimed to establish an internal cybersecurity division comprising a SOC, CERT, and CSIRT to ensure the cyber-resilience of its conventional IT and industrial OT assets.

    - Risk analysis and audit of the current infrastructure.
    - Bringing the information system up to current standards and proposing a redesign.

    Development of three divisions: SOC - CERT - CSIRT:

    CERT:
    - Research of open-source tools for deploying a CERT
    - Creation of a report on existing tools.
    - Development of a Cyber Threat Intelligence platform.
    - Planning meetings and platform improvement based on feedback.
    - Research of reliable sources for threat intelligence.
    - Aggregation of feeds into a single interface.
    - Automated generation of bulletins on tools and malicious actors.
    - Deployment and configuration of OpenCTI and MISP tools.

    CSIRT:
    - Research of open-source tools for incident response.
    - Creation of a report on existing tools.
    - Deployment and configuration of TheHive and Cortex tools.

    SOC:
    - Research of tools for information system monitoring.
    - Creation of a market analysis report on monitoring tools.
    - Deployment and configuration of Wazuh, Snort, and Suricata.

    Redesign of the industrial production division for vaccines:
    - Research on various IoT protocols (Zigbee, Z-Wave, LoRa, Modbus)
    - Development of a budget for setting up a research laboratory.
    - Research on security vulnerabilities in these protocols.
    - Planning of meetings to present research progress.
    MISP TheHive Cortex OpenCTI OpenEDR Zigbee Wazuh Suricata Snort

Education

  • Engineering Degree - Cybersecurity, Computer Science
    EPITA: Computer Engineering
    2021
    Engineering degree - Cybersecurity
  • Computing course
    Griffith College Cork
    2018
    Computing course

Certifications

  • Network Security Specialist
    ICSI (International CyberSecurity Institute), UK
    2021
  • GDPR Workshop
    GDPR Workshop CNIL
    2020
