Sylvain Zyssman

Intervention Contexts

• IT organization at risk (security, delivery, governance)
• Regulated environments (healthcare, legal, SaaS)
• Large-scale AI / data projects
• Companies in difficulty requiring technical restructuring

Key Missions

• Technical and organizational audits (healthcare, legal, critical projects)
• Support for projects with regulatory requirements including NIS2 (continuity, supply chain security, incident governance)
• Risk analysis (security, isolation, access, continuity)
• Definition of structured remediation paths
• Clarification of responsibilities and governance

• Scoping of the certification perimeter (SaaS, K8s infrastructure, CI/CD pipeline)
• Gap analysis ISO/IEC 27001:2022 on 93 controls, identification and prioritization of non-conformities
• Development of the SoA, PSSI, and incident management policy
• ISMS implementation in a dedicated GRC tool
• Multi-regulatory context ISO 27001 / NIS2 / GDPR
• Monitoring of DORA metrics on K8s/Grafana pipeline

• Design of a multi-entity datalake (80 centers, millions of documents)
• LLM search engine with strict isolation per entity
• Cloud, security, and data governance arbitration
• Abstraction of LLM providers to limit strategic dependency

• Takeover of 3 high-risk projects
• Restructuring of teams and processes
• Securing delivery and customer relaunch

Results

• secure and isolated architectures
• reduction of regulatory risks
• stabilized delivery
• controlled and viable AI adoption

Context

• patient data confidentiality
• application robustness
• access isolation
• operational continuity

• database and sensitive data management vulnerabilities
• lack of strict isolation
• incomplete application security
• insufficiently formalized project governance

• comprehensive technical audit (code, architecture, application security)
• structured IT risk analysis (EBIOS-compatible approach: risk sources, scenarios, security measures)
• architecture restructuring for robustness & maintainability
• redefinition of project processes to secure delivery
• coordination with hospital teams & international partners

• secure and stable architecture
• reduction of regulatory and operational risk
• improvement of system maintainability
• secure delivery in a high confidentiality context

Context

• data confidentiality
• control over cloud dependencies
• access governance
• delivery continuity and robustness

• potential exposure to extraterritorial legislation
• strong dependency on existing infrastructure
• insufficiently formalized access governance
• poorly structured delivery pipeline

• end-to-end audit of the IS, cloud architecture & dependencies
• analysis of regulatory exposure (Cloud Act, DORA, ISO 27001)
• structured IT risk analysis (EBIOS-compatible approach: risk sources, scenarios, security measures)
• design of a secure sovereign architecture
• dedicated VMs
• network segmentation
• strict environment isolation
• implementation of formalized access governance
• CI/CD structuring without disruption for the teams
• redefinition of technical & organizational processes

• reduction of regulatory risk, legal exposure, and better control of technological dependencies
• isolated & controlled architecture
• clarified access governance
• secure DevOps and ML industrialization trajectory