You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Malt Strategy
New report
Malt Tech Trends 2026
Yassine Hafdi IdrissiYH

Yassine Hafdi Idrissi

GRC Cybersecurity Consultant – OT & IT

€550/day
Paris, FR
3-7 years
Cybersecurity
DevSecOps
IEC 62443
ISO 27001
GRC

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Yassine

Are you looking for an expert capable of securing IT/OT industrial architectures and integrating cybersecurity from the design of your solutions?

An OT cybersecurity engineer certified ISO 27001 Lead Implementer, I work on critical industrial environments (IACS, energy infrastructures, transport) to structure risk management, strengthen communication architectures, and integrate Secure by Design into development cycles.

My expertise covers:

risk analysis (EBIOS RM, ISO 27005),
ISO 27001 and IEC 62443 compliance,
threat modeling (STRIDE, DFD, Microsoft TMT),
industrial protocol security (IEC 61850 / MMS, EtherCAT, SCADAPack, SCADA architectures based on Redis),
integration of Secure SDLC practices (SAST – Coverity, Squore, SCA – BDBA, vulnerability validation, CVSS scoring).

I support technical and product teams on Build-Time and Run-Time aspects (access control, input validation, segmentation, secure exchanges, traceability), with a pragmatic approach focused on attack surface reduction and operational resilience.

My added value: a dual understanding of development & industrial cybersecurity, allowing me to bridge the gap between technical architecture, regulatory requirements, and OT field constraints.
Consulting and Audits
Banking and Financial Services
Rail and Public transport
Digital and IT Services
IoT (Internet of Things)

  • French

    Native or bilingual

  • English

    Native or bilingual

  • Arabic

    Conversational

  • Spanish

    Conversational

Can work on-site
Paris (up to 50km)

Experience

  • Schneider Electric
    OT/IT Cybersecurity Consultant / Referent – Industrial Systems
    July 2025 - Today (11 months)
    Schneider Electric is a global leader in energy management and industrial automation, present in over 100 countries and strongly committed to developing critical solutions for industrial infrastructures.

    Within the EcoStruxure Automation Expert team, I led cybersecurity activities on industrial communication stacks, particularly around IEC 61850 (MMS Client), EtherCAT, SCADAPack, and SCADA integrations based on Redis.

    Tasks performed:

    • Conducted threat modeling activities (STRIDE) on Build-Time and Run-Time architectures
    • Analyzed and secured MMS flows between the IEC 61850 wrapper and external IEDs
    • Identified and formalized attack scenarios: spoofing, sniffing, privilege escalation, tampering, denial of service
    • Assessed vulnerabilities using CVSS v4 and drafted actionable test reports

    • Validated security controls in constrained OT environments
    • Integrated Secure SDLC practices (SAST, SCA, architecture reviews)
    • Contributed to aligning architectures with IEC 62443 and ISO 27001
    Secure SDLC Cyber Risk Analysis IEC 62443 ISO 27001 Threat Modeling
  • EIFFAGE
    OT/IT Cybersecurity Consultant – Grand Paris Express (Line 15)
    July 2024 - July 2025 (1 year)
    Paris, France
    Eiffage is a major European infrastructure player, involved in critical transport and energy projects.

    As part of the Grand Paris Express project, I participated in the deployment of cybersecurity requirements on complex industrial infrastructures.

    Missions performed:

    • IT/OT risk analysis on critical infrastructures
    • Application of ISO 27001 and IEC 62443 requirements
    • Design of network segmentation strategies
    • Hardening of industrial equipment and firewalls
    • Mapping of OT exposure surfaces
    • Coordination between IT, OT, and engineering teams
    ISO 27001 Cyber Risk Analysis IEC 62443
  • SETIC
    IT/OT Cybersecurity Engineer
    September 2021 - July 2024 (2 years and 10 months)
    Lognes, France
    SETIC is an industrial company specializing in the design and manufacture of cabling machinery for the energy and infrastructure sectors.

    Contribution to the implementation and continuous improvement of the ISMS (ISO 27001).

    Performance of IT/OT risk analyses and development of treatment plans.

    Application of IEC 62443 requirements to connected industrial environments.

    Definition of security perimeters and implementation of organizational and technical controls.
    Industrial Cybersecurity ISO 27001 Cyber Risk Analysis

Recommendations

Be the first to recommend Yassine

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Signup to reveal

Education

  • Engineering School
    CNAM Paris
    2024
    Ecole d'ingénieur, Systèmes Electroniques, Telecommunications et Informatique
  • BTS Digital Systems
    Lycée Louis Armand Paris 15e
    2021
    BTS Systèmes Numériques
Check out Yassine's education

Certifications

  • ISO 27001 Lead Implementer
    PECB
    2025
    Risk Analysis and Management Cyber Risk Assessment and Treatment Information Security Policy Development Information Security Governance (GRC) Preparation for ISO 27001 Audits (Internal / Certification) ISMS Implementation ISMS Scope Definition Selection and Implementation of Annex A Controls Non-conformity Management and Continuous Improvement Regulatory Compliance and Stakeholder Management

Skill set

EBIOS RM
Industrial Cybersecurity
Cyber Risk Analysis
Secure SDLC
Threat Modeling
SAST / DAST
CI/CD
Network Segmentation
Secure by Design
System Hardening
Vulnerability Management
Agile Methodology
IT/OT
Resilience
Cyber Resilience Act
Risk Assessment
Vulnerability Assessment

Categories