David DOUSSAL

En résumé

Entreprises

• Verizon Business - IS Security consultant - QSA auditor

  PUTEAUX 2010 - maintenant - For a French company involved in online and scratch games, I conducted an audit to optimize payment transaction costs.
  - The main challenges was :
  - the specific business of my client
  - understanding their cost breakdown
  - take into account local regulation like :
  - ARJEL (Autorié de régulation des jeux en ligne)
  - PCI DSS (Payment Card Industry Data Security Standard)
  - Interview with technical and non-technical employees (administrative and financial manager, CIO, marketing, ...)
  - For a financial organisation, I conducted a PCI DSS gap analysis
  - scope definition with the client
  - scope reduction proposal
  - interview with employees to evaluate the compliance level of systems in the scope
  - For a financial organisation, I wrote a PCI DSS practical guide to help their subsidiaries in the drawing up of their remediation plan
  - For a financial organisation, I helped the heard quarter to manage their subsidiaries on the road of PCI DSS conformity
  Responsibilities :
  - Lead meeting and support subsidiaries on information security subject matters
  - Validation of :
  - PCI DSS scope definition
  - PCI DSS gap analysis
  - Remediation plan
  - ISO/CEI 27001 Lead implementor

• Quaelys - IS security consultant

  Paris 2008 - 2010 - CISSP certified
  - Conducted intrusive security audits
  - Conducted IS security audits (adaptation of ISO/IEC 2700x)
  - Security equipments test and qualification
  - Network and security consultancy for CISO or CIO
  - Business and IT management support
  - Designed innovative centralized payment solution
  - Solution testing and validation (formed on breakingPoint system)

• Afone - Network security engineer

  Angers 2005 - 2008 - Designed and implemented an multi-site high-availability mail/anti-spam solution with load-sharing (Foundry, SAN/NAS EMC)
  - Designed and implemented an open-source PKI used to protect payment transactions (certificats X509, double authentication)
  - Involved in the creation of a new network operator (multi-site) :
  - Designed and implemented an IP/MPLS backbone (Redback, CISCO, FOUNDRY, BINTEC)
  - Designed and implemented the network security policy (Fortinet certified)
  - Designed and implemented transit connexion with two transit operator (CISCO, BGP, RIP, OSPF, HSRP)
  - Designed and implemented xDSL collect with two operators (LNS/LAC Redback, FreeRadius)
  - Conducted the agreement of the Afone payment solution with the GIE CB (approved on 08/22/2007)
  - Designed and implemented the MVNO platform (3 clusters Vmware, 2 sites, Storage EMC)
  - Delivering network training courses for technical staff.
  - Payment protocol : X25, XTT, XoT
  - CERTIFICATIONS : FORTINET, VMWARE VI3

• Intranode - Network security engineer

  2003 - 2003 •Design and configuration of infrastructure to validate the vulnerability scanner (2000 virtuals workstations (Vmware))
  • Intranode appliances security design (crypted file system, ...).
  • Network administration : Web server (IIS, Apache)
  • Unix environment (Linux, OpenBSD, FreeBSD), Windows 9x/NT/200x/XP
  • System script development (C/C++, Perl, Python, Ruby)
  • Security: firewall, IDS, pen testing, fingerprinting, honey pots
  • Crytpography: Symmetric-key, Public-key cryptography
  • Router CISCO
  • Secret Defense Habilitation

Formations

• ECOLE NATIONALE D'INGENIEURS DE BREST

  1998 - 2005 Informatique
  
  Responsable réseau des élèves

Réseau

• Bruno LASTRADE

• Daniel VACHETTA

• Farid ILLIKOUD

• France PERRIN

• Frederic PARISET

• Guillaume SCHLIENGER

• Patrick BAREL

• Thierry GUENOUN

• Vanessa MARCEAU

• Yves-Marie ANDRÉ