Thomas Ferreira

Freelance mission combining cybersecurity strategy, project management, and technical expertise in a structuring context. Development of the cybersecurity roadmap: structuring by themes (personnel, environment, data, compliance), prioritization of projects. Project management: network segmentation, proxy deployment, ISPS update, formalization of the IT charter, management of franchisee obligations. Incident analysis and operational security monitoring via CrowdStrike (EDR), Wazuh (SIEM/IDS), Office 365 Security & Compliance stack. Management of security service providers: monitoring the MSSP, coordinating interventions of consulting firms (pentests, audits, specific missions).

Context: Initially integrated into the France team, responsible for the implementation and monitoring of cybersecurity projects defined with the French CISO. Following the reorganization by the American parent company Genuine Parts Company (GPC), the scope was expanded internationally as part of the creation of a global cybersecurity team. Management of cybersecurity projects in France: solution deployment, operational monitoring, coordination with local IT teams. Participation in the global operational management of security tools, in conjunction with global teams. Tools and solutions used: Proxy: iboss EDR: CrowdStrike SIEM: Splunk Ticketing: ServiceNow Cloud Security: Cloudflare (WAF, DNS, Access...) Vulnerability Management of vulnerabilities detected via Qualys and OpenVAS, in coordination with local and global teams. This included prioritization, risk analysis, remediation planning, and tracking of corrections until closure. Consideration of various compliance requirements depending on the country (Europe, US, etc.) and adaptation to local/international standards. Evolution within an American group (Genuine Parts Company), with a cybersecurity organization centralized in the United States. Daily exchanges with global teams conducted exclusively in English, both written and spoken (meetings, documentation, procedures). This immersion allowed me to strengthen my linguistic skills, but also to work according to Anglo-Saxon standards of security management and governance.

Cross-functional expertise in systems administration (Windows, Unix), networks (Cisco, HP, Extreme...), virtualization (VMware, Hyper-V, Oracle) and datacenters (migrations, hardware maintenance). Security specialist: integration and audit of firewall solutions (Fortinet, Palo Alto, Sophos…), SSL/NAC VPNs (Pulse Secure), secure Wi-Fi solutions (Ruckus, Meraki, Ubiquiti) and privileged access control (Wallix Bastion, Access Manager, 802.1X).